Re: Akamai WAF

[Mike Hammett <nanog () ics-il net>]

Seems like they need a mechanism for stuff like this and not just pushing it off to their clients whose first line 
support systems aren't geared towards dealing with this kind of stuff. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Michel 'ic' Luczak" <lists () benappy com> 
To: "Justin Wilson" <lists () mtin net> 
Cc: "NANOG" <nanog () nanog org> 
Sent: Friday, May 18, 2018 9:43:26 AM 
Subject: Re: Akamai WAF 

Hi, 

> On 18 May 2018, at 16:22, Justin Wilson <lists () mtin net> wrote: 
>
> I have a client with a /24 that has somehow been blocked by folks using the Akamai WAF. This is the response we 
> received back from Akamai when we contacted them. 
>
> > On checking the machine logs for ups.com <http://ups.com/>, we found that there is WAF (web application firewall) 
> > configured by ups.com <http://ups.com/>, this has to be fixed from the site owners end. 
>
> This is happening with multiple sites, southwest.com is another. I find it odd multiple sites are doing this at the 
> same time. If just one I would believe it was a manual configuration. It seems like something has triggered it. Can 
> someone shed some light on how the WAF works? 

As far as I know they have some kind of scoring in place for end users IPs so if there is a malicious IP inside the /24 
(from Akamai’s WAF point of view) then the scoring can affect other WAFed services as well. 

BR, ic