Re: [swinog] CDN: Access Denied Reference #18.cad1f557.1634833505.1903b12e

2021-10-26 Thread Benoit Panizzon
> Are you sure Amazon is responsible? I mainly see Akamai as a CDN here. But 
> maybe it's different, depending on the source IP address...

Aeh! s/Amazon/Akamai/ sorry!

> For Akamai, this may be of interest: 
> https://www.akamai.com/us/en/clientrep-lookup/

I stumbled over this page, but discarded it as I could not enter the
affected IP.

I've now sent the link to the affected customer. Let's see if he is
getting any result.

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G - Head of Commerce Customers

Zurlindenstrasse 29   Tel  +41 61 826 93 00
CH-4133 Pratteln      Fax  +41 61 826 93 01
Switzerland           Web  http://www.imp.ch


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] CDN: Access Denied Reference #18.cad1f557.1634833505.1903b12e

2021-10-26 Thread Markus Ritzmann
> I opened a case with Amazon

Are you sure Amazon is responsible? I mainly see Akamai as a CDN here. But 
maybe it's different, depending on the source IP address...

> $ dig +short www.klm.com
> www.klm.com.edgekey.net.
> e40771.a.akamaiedge.net.
> 80.67.82.17
> 80.67.82.16
>
> $ dig +short www.easyjet.com
> www.easyjet.com.edgekey.net.
> e6158.x.akamaiedge.net.
> 2.20.17.112

For Akamai, this may be of interest: 
https://www.akamai.com/us/en/clientrep-lookup/
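
The check behind the `dig` output quoted above, as an added example that is not part of the original message: it splits `dig +short` output into the CNAME chain and the addresses, then matches the chain against known CDN hostname suffixes. The function names and the `CDN_SUFFIXES` table are assumptions made for this example, and the table is illustrative rather than complete.

```python
# Added example: name the CDN operator from `dig +short` output.
# CDN_SUFFIXES is a small illustrative table, not a complete list.
CDN_SUFFIXES = {
    "edgekey.net": "Akamai",
    "edgesuite.net": "Akamai",
    "akamaiedge.net": "Akamai",
    "akamai.net": "Akamai",
    "cloudfront.net": "Amazon CloudFront",
}

def parse_dig_short(text):
    """Split `dig +short` output into CNAME targets and addresses."""
    cnames, addrs = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("$", ";")):
            continue  # skip shell prompts, blank lines and dig comments
        if line.endswith("."):
            cnames.append(line.rstrip(".").lower())  # hostnames end in "."
        else:
            addrs.append(line)  # A/AAAA records are printed without a dot
    return cnames, addrs

def cdn_operator(text):
    """Return the operator for the deepest matching CNAME, or None."""
    cnames, _ = parse_dig_short(text)
    for name in reversed(cnames):
        for suffix, operator in CDN_SUFFIXES.items():
            # Match on a label boundary so "notedgekey.net" does not match.
            if name == suffix or name.endswith("." + suffix):
                return operator
    return None

# The two answers quoted in the message above.
KLM = """www.klm.com.edgekey.net.
e40771.a.akamaiedge.net.
80.67.82.17
80.67.82.16"""
EASYJET = """www.easyjet.com.edgekey.net.
e6158.x.akamaiedge.net.
2.20.17.112"""

if __name__ == "__main__":
    for label, out in (("klm", KLM), ("easyjet", EASYJET)):
        print(label, cdn_operator(out), parse_dig_short(out)[1])
```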




Re: [swinog] CDN: Access Denied Reference #18.cad1f557.1634833505.1903b12e

2021-10-26 Thread Jeroen Massar
Hi,

Did you check if the customer's network is maybe infected with some botnet or 
spambot that triggers honeypots?

Clearly, if the IP changes and the customer gets blocked again, it is something 
being caused by the source IP...

Netflow... Netflow all the things ;)

Greets,
 Jeroen

--

> On 20211026, at 09:19, Benoit Panizzon wrote:
> 
> Dear Colleagues
> 
> We have a customer whose IP keeps getting blocked by various CDN
> operators.
> 
> If we change his IP, this solves the issue for a couple of days, then
> he is blocked again. Actual IP: 87.102.212.133
> 
> At the moment, this IP is being blocked by the CDN used by:
> 
> klm.com
> nespresso.com
> easyjet.com
> 
> I opened a case with Amazon, as they are the ones that host the
> easyjet.com CDN, but they replied that he is blocked 'upstream' by their
> customer easyjet.
> 
> Our customer called the Easyjet Helpdesk, but they have no clue what
> generates this error and sent him to his ISP :-/
> 
> We don't get any kind of complaints regarding the IP of this customer. 
> 
> https://multirbl.valli.org/lookup/87.102.212.133.html
> 
> Two entries on blacklists I am not familiar with. One of them about an
> email misconfiguration?
> 
> All the customer is seeing on the webpage is:
> 
> === snipp ===
> Access Denied
> 
> You don't have permission to access "http://www.easyjet.com/" on this server.
> 
> Reference #18.57d61202.1634833697.32bab06
> === snapp ===
> 
> Any hints on how to solve or what blocking provider is used (all pages
> show a very similar message with similar ID) are appreciated.
> 
> PS: Yes, Google is finding reports of this exact issue. None I found
> provided any useful hint on what causes the issue.


Re: [swinog] CDN: Access Denied Reference #18.cad1f557.1634833505.1903b12e

2021-10-26 Thread Benoit Panizzon
Hi Jeroen

> Did you check if the customer's network is maybe infected with some botnet or 
> spambot that triggers honeypots?

Usually we learn about such incidents through GovCert or other
complaints. We received none.

> Clearly, if the IP changes and the customer gets blocked again, it is 
> something being caused by the source IP...
> 
> Netflow... Netflow all the things ;)

We only have traffic counters, no detailed netflows :-)

The counters look normal. About 10:1 download:upload ratio, and similar
to other customers.

Kind regards

-Benoît Panizzon-


[swinog] CDN: Access Denied Reference #18.cad1f557.1634833505.1903b12e

2021-10-26 Thread Benoit Panizzon
Dear Colleagues

We have a customer whose IP keeps getting blocked by various CDN
operators.

If we change his IP, this solves the issue for a couple of days, then
he is blocked again. Actual IP: 87.102.212.133

At the moment, this IP is being blocked by the CDN used by:

klm.com
nespresso.com
easyjet.com

I opened a case with Amazon, as they are the ones that host the
easyjet.com CDN, but they replied that he is blocked 'upstream' by their
customer easyjet.

Our customer called the Easyjet Helpdesk, but they have no clue what
generates this error and sent him to his ISP :-/

We don't get any kind of complaints regarding the IP of this customer. 

https://multirbl.valli.org/lookup/87.102.212.133.html

Two entries on blacklists I am not familiar with. One of them about an
email misconfiguration?

All the customer is seeing on the webpage is:

=== snipp ===
Access Denied

You don't have permission to access "http://www.easyjet.com/" on this server.

Reference #18.57d61202.1634833697.32bab06
=== snapp ===

Any hints on how to solve or what blocking provider is used (all pages
show a very similar message with similar ID) are appreciated.

PS: Yes, Google is finding reports of this exact issue. None I found
provided any useful hint on what causes the issue.

Kind regards

-Benoît Panizzon-