Why are Google IPs blacklisted by AWS WAF (AWS-AWSManagedRulesAmazonIpReputationList)?

0


The IP shown in the screenshot is blacklisted by AWS WAF. And this IP is used by Google for indexing?

Will this affect the SEO of my website?

asked a year ago · 894 views
2 Answers
0

Hello AWS Customer,

The Amazon IP reputation list is generated by Amazon internal threat intelligence and is capturing IP addresses sending traffic to Amazon properties that demonstrate non-human behavior, such as a scripted bot or unauthorized programmatic interaction.[1]

We recommend crafting a custom rule to allow traffic from the trusted IP address which is placed higher up in the rule priority order than the AWSManagedIPReputationList rule group. Alternatively, you could consider overriding the AWSManagedIPReputationList rule group to count mode in the WAF console if the list is blocking a trusted IP address.

There are more detailed methods you can implement to avoid blocking.

  1. Add your own rule allowing certain legitimate client IPs and set its rule priority higher than the AWSManagedIPReputationList rule. With this approach too, if you want to use a domain, you can set it to the host domain by using Header instead of IP.
  2. Use the scope-down statement in the AWSManagedIPReputationList rule group to exclude the IPs in the IPSet from the scope of the rule group. However, note that since public IP ranges may change regularly, this solution may require frequent manual updates to the rule config. If you use DNS to react to changes in public IP, you can set it to the host domain by using Header instead of IP in the scope-down statement.[2]
    • If you want to use an IP range with the above approaches, you need to set up certain legitimate client IPs by registering them in AWS WAF IP sets.[3]
  3. Override the actions of a rule group or its rules to COUNT. AWS WAF overrides the terminating action so that the result of the rule group evaluation is only a count action. You can also use this option to troubleshoot a rule group that's generating false positives. However, since this override is related to the action of the rule, it should be noted that the override is applied even in the case of a true positive for a malicious act that needs to be blocked.[4]

Hope you will find this information useful. Please let me know if you have any further questions or concerns. We will be more than glad to assist you.

AWS SUPPORT ENGINEER
Jisoo_K
answered a year ago
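
The three methods in the answer above, written as AWS WAFv2 rule JSON built in Python (an added example, not code from the original answer). The IP set ARN is a constructed placeholder and the rule and metric names are assumptions; the printed output is what would go in a web ACL's `Rules` array.

```python
import json

# Placeholder ARN (constructed for this example); use your own IP set's ARN.
TRUSTED_IPSET_ARN = ("arn:aws:wafv2:us-east-1:111122223333:"
                     "regional/ipset/trusted-clients/EXAMPLE-ID")
GROUP = "AWSManagedRulesAmazonIpReputationList"

def visibility(metric):
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True, "MetricName": metric}

def allow_rule(ipset_arn, priority):
    """Method 1: terminating Allow for addresses in the trusted IP set."""
    return {"Name": "AllowTrustedIPs", "Priority": priority,
            "Statement": {"IPSetReferenceStatement": {"ARN": ipset_arn}},
            "Action": {"Allow": {}},
            "VisibilityConfig": visibility("AllowTrustedIPs")}

def reputation_rule(priority, exclude_ipset_arn=None, count_only=False):
    """Managed group; method 2 adds a scope-down, method 3 overrides to Count."""
    group = {"VendorName": "AWS", "Name": GROUP}
    if exclude_ipset_arn:
        # Inspect only requests that are NOT from the trusted IP set.
        group["ScopeDownStatement"] = {"NotStatement": {"Statement": {
            "IPSetReferenceStatement": {"ARN": exclude_ipset_arn}}}}
    return {"Name": "AWS-" + GROUP, "Priority": priority,
            "Statement": {"ManagedRuleGroupStatement": group},
            "OverrideAction": {"Count": {}} if count_only else {"None": {}},
            "VisibilityConfig": visibility(GROUP)}

def allow_runs_first(rules):
    """AWS WAF evaluates lower Priority numbers first; check the Allow rule leads."""
    first = min(rules, key=lambda r: r["Priority"])
    return "Allow" in first.get("Action", {})

def build_rules(method):
    if method == 1:
        return [allow_rule(TRUSTED_IPSET_ARN, 0), reputation_rule(1)]
    if method == 2:
        return [reputation_rule(0, exclude_ipset_arn=TRUSTED_IPSET_ARN)]
    if method == 3:
        return [reputation_rule(0, count_only=True)]
    raise ValueError("method must be 1, 2 or 3")

if __name__ == "__main__":
    for m in (1, 2, 3):
        print(f"# method {m}\n" + json.dumps(build_rules(m), indent=2))
```

Method 1's Allow is a terminating action, so matching requests skip every later rule in the web ACL, whereas the scope-down in method 2 exempts them from this rule group only.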
0

We are seeing this problem as well. Maintaining our own whitelists for Google bots so that our pages don't encounter indexing errors (which has happened) should not be a thing that happens, when Google, Bing, etc. all provide authoritative, updated lists - and one of Google's lists alone (the Triggered list) exceeds 10K entries in the CIDR definitions on its own, requiring additional logic to ensure it fits within the bounds.

answered 8 months ago
