Problem With "Anonymous IP List"

1

Hello, in my company we have had a blocking problem due to certain pages that are hosted on AWS, investigating within AWS we have noticed that the managed rule called "Anonymous IP list" has been blocking us by "hostingproviderIPlist" that label is wrong since our company is not hosting, where could I contact someone to solve this and update their databases so that our IPs do not suffer these blocks. My problem is more with the AWS database that contains erroneous information about the prefix that my company uses.

profile picture
hubynet
asked 9 months ago720 views
2 Answers
0

I've been through a recent battle with AWS support and eventually they did acknowledge that they can check the lists to verify whether your IP addresses are on the list or not. Theoretically they may be able to remove them though the lists are fed dynamically from external lists which AWS does not control. Essentially AWS just blindly trusts external reputation lists and categorization sources to feed their internal lists so they genuinely can't prevent your IP addresses from being listed again but they can at least verify whether your IPs are currently on the list, which is helpful to a degree.

If you can get them to verify that, you can then check external list sources that AWS may use. Unfortunately AWS has chosen not to be transparent about those sources so you may have to simply contact every 'IP Quality' or 'IP Reputation' list service around the internet to check if they have your IP addresses listed. Also make sure to make your reverse DNS for your IP addresses correct so it indicates the IP addresses for use by general internet service users as opposed to hosting servers, etc.

The same goes for the HostingProviderIPList which has no clear definition of how an IP address qualifies to be on the list, nor how to correct or remove it. It is apparently based only on some kind of reputation information from unnamed 3rd party sources. A big red flag is that AWS IPs are apparently not on the HostingProviderIPList, which seems like an obvious oversite since AWS is obviously one of the largest Hosting Providers on the internet.

The sad reality is that the Anonymous IP list and HostingProviderIPList are nearly pointless for use by most web application/service users because they block random IP addresses with no ability to know why or recourse to have IP addresses removed from the lists. Unless you want to spend days adding every potential legitimate user/customer to an allow list, you should probably not use them unless your application is extremely limited in user scope. In which case you might as well just block everyone and only allow your known users.

answered 8 months ago
-1

AWS WAF does not have a way to add/remove an IP from its database manually (even internally/backend). The IPs automatically get added/removed to/from the database based on various checks performed on the IPs. If the IP is/was subject to some activities/behaviours that could detect/classify it as a Hosting Provider IP, then it would have been added in the database at that time, and when such activities are stopped from this IP, the IP will automatically be removed from the database (which is not immediate and may take long time due to how the system/algorithm works).

Instead of going through the path of getting these IPs removed from the AWS database, I would suggest to follow the below Knowledge Center article to allow the legitimate IPs (your IPs).

https://repost.aws/knowledge-center/waf-allow-ip-using-reputation-anon-list

I hope it helps.

AWS
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions