Hi,
I got some complaints from customers and found out that all IP addresses announced in one of our ASN are banned by Akamai or some websites hosted with Akamai.
I’ve tried to contact one of the website owners but didn’t get any response.
Could someone from Akamai contact me off-list?
Regards,
Siyuan Miao
Akamai will _NOT_ be helpful in this situation.
They will tell you that it is their customers who set the policy for their “Web Application Firewall”.
In reality, Akamai’s customers set certain things on “autopilot” where Akamai maintains a reputation database for various IP addresses and triggers actions
set by their customers without their customers direct knowledge or intervention.
Akamai’s process for dealing with this (or rather their refusal to create a process for dealing with it) is a horrible disservice to the internet and to their customers.
I tried to push for changes to this process while I was there and had no significant success.
I’ve also been the victim of these practices after I was laid off by Akamai (along with about 7% of their employees last year).
Because of a variety of issues I’m not at liberty to elaborate, it isn’t an easy problem for Akamai to solve, but as a company that prides itself on tackling and solving difficult problems, they’ve certainly fallen short here.
Owen
All companies have unique challenges in trying to mitigate abuse and serve customers well.
Miao I’ll collect details from you in private to see if there is something that can be done.
FYI: you can look things up here if you think something is blocking
you:
https://www.akamai.com/us/en/clientrep-lookup/?language=en_US
- Jared
Well, isn't that just jammed up with malicious third-party javascript ...
I think it’s a general problem with a lot of these application firewall companies these days.
There’s been a long time I couldn’t access both staples.com and officedepot.com, and officedepot.com is still broken for me to this day. (Ironically, they’re both using the same CDN — so much for the competition and differentiation.)
I’m obviously a valid user, just as many others who get access denied, but I’m pretty sure that all of these access attempts by customers who are misclassified as bots and denied access are subsequently aggregated by these CDNs back to their clients as bad bots, which — luckily! — have been blocked to prevent $badThings from happening, $giveUsMoreMoneyToProtectYouFromYourOwnCustomers.
Talking with these vendors at their booths at trade shows reveals that the incentives and selling points in the application firewall business are just wrong — they each boast about blocking more “bots” than their competition, completely dismissing the fact that many of these “bots” are actual paying customers that get denied access.
Cheers,
Constantine.
P.S. Below is the page I currently get when visiting officedepot.com — so much for taking care of business!
Hopefully Jared can fix it. Owen’s description matches up very well with my experiences in trying to fix similar problems at Akamai.
Don't worry, I can't access my car owners insurance website
from the country i'm in as well due to a similar WAF config on another
CDN.
I've replied to both people that posted to the list with some
further details. Don't hesitate to reach out if you're not getting
a response or have questions about your experiences with akamai.
We are here and will do our best to fix things, but also
similar to my car insurance folks who don't want me to have access
from this country, keep in mind our customers may also have configured
policy to block certain clients or behaviors.
I can reach out to the account teams to have them confirm
with customer the config is right if it seems odd.
- Jared