Hi, for this case your team should open a ticket regarding the Managed AWS WAF Rules. If you have a TAM/SA managing your account, then you can ask for their help as well to get some guidance from the group managing the WAF list and the product team on how to get the ASN IP address taken out of the list.
I am not sure if you have some sort of control over the WAF configuration, and you could potentially put some temporary allow-listing in place using a custom rule. But the best approach will be via the support team to handle the exemption.
Hi, thanks for this info. Unfortunately, anyone without a paid support contract cannot raise a ticket with AWS support (as end users). Do you know if there is an alternative way of raising this?
The HostingProviderIPList contains a list of all known hosting providers (except Amazon), which includes both reputable and not-so-reputable providers. It's very much a blunt instrument. Inclusion in the list would be ASN-based, so if you are advertising residential ranges from the same ASN as your hosting business, this may explain inclusion.
You can request exclusion via a support case; however, the criteria are not transparent - it's done on a case-by-case basis. If you have no support or your request to exclude is denied, then you are best off contacting the owner of the online property who has deployed a WAF WebACL containing the 'HostingProviderIPList' rulegroup, and asking them to exclude your IPs or CIDR ranges by creating an IPSet 'ipset_excluded_list' and adding a scope-down statement in conjunction with the managed rule-group, e.g. "If NOT source-ip originates from 'ipset_excluded_list'".
Please note that both 'HostingProviderIPList' and 'AnonymousIPList' are not sourced from AWS internal threat intelligence; they come rather from a 3rd party. However, at this stage we are not identifying that provider.
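The exemption described in the answer above, written out as an added example (this is not code from the thread, from AWS, or from any site owner): it builds the IPSet request and the WebACL rule whose scope-down statement reads "NOT source-ip in ipset_excluded_list", and then models the scope-down evaluation locally so the effect can be checked before touching a WebACL. It assumes the AWS managed rule group `AWSManagedRulesAnonymousIpList` (the group that carries the HostingProviderIPList and AnonymousIPList rules); the account id, region, IPSet id, ARN and CIDRs are constructed placeholders.

```python
"""
Added example, not code from the re:Post thread or from AWS: build the IPSet
and WebACL rule that say "evaluate the AWSManagedRulesAnonymousIpList rule
group only if the source IP is NOT in ipset_excluded_list", then model the
scope-down evaluation locally. All names, ARNs and CIDRs are constructed.
"""
import ipaddress
from typing import Any, Dict, List

# Constructed placeholders (hypothetical account, region and IPSet id).
IPSET_NAME = "ipset_excluded_list"
IPSET_ARN = (
    "arn:aws:wafv2:us-east-1:123456789012:regional/ipset/"
    "ipset_excluded_list/00000000-0000-0000-0000-000000000000"
)
# Constructed sample CIDRs taken from the TEST-NET documentation ranges.
EXCLUDED_CIDRS = ["203.0.113.0/24", "198.51.100.10/32"]


def build_ip_set_request(name: str, addresses: List[str], scope: str = "REGIONAL") -> Dict[str, Any]:
    """Request parameters for `aws wafv2 create-ip-set` (boto3: wafv2.create_ip_set)."""
    for cidr in addresses:
        ipaddress.ip_network(cidr)  # fail early on a malformed entry
    return {
        "Name": name,
        "Scope": scope,  # "REGIONAL" for ALB/API Gateway, "CLOUDFRONT" for CloudFront
        "Description": "Customer IPs exempted from the managed hosting-provider list",
        "IPAddressVersion": "IPV4",
        "Addresses": addresses,
    }


def build_anonymous_ip_rule(ipset_arn: str, priority: int = 0) -> Dict[str, Any]:
    """WebACL rule for the AWS managed rule group that contains HostingProviderIPList
    and AnonymousIPList, scoped down so the group is only evaluated for requests
    whose source IP is NOT in the exclusion IPSet."""
    return {
        "Name": "AnonymousIpList-excluding-allowlisted-ips",
        "Priority": priority,
        "Statement": {
            "ManagedRuleGroupStatement": {
                "VendorName": "AWS",
                "Name": "AWSManagedRulesAnonymousIpList",
                "ScopeDownStatement": {
                    "NotStatement": {
                        "Statement": {"IPSetReferenceStatement": {"ARN": ipset_arn}}
                    }
                },
            }
        },
        # Rules that reference a managed rule group take OverrideAction, not Action.
        "OverrideAction": {"None": {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": "AnonymousIpListScopedDown",
        },
    }


def evaluate_statement(stmt: Dict[str, Any], source_ip: str, ipsets: Dict[str, List[str]]) -> bool:
    """Local model of WAF statement matching for the IP-based statement types
    used here (IPSetReference, Not, And, Or). `ipsets` maps IPSet ARN -> CIDRs."""
    ip = ipaddress.ip_address(source_ip)
    if "IPSetReferenceStatement" in stmt:
        arn = stmt["IPSetReferenceStatement"]["ARN"]
        return any(ip in ipaddress.ip_network(c) for c in ipsets.get(arn, []))
    if "NotStatement" in stmt:
        return not evaluate_statement(stmt["NotStatement"]["Statement"], source_ip, ipsets)
    if "AndStatement" in stmt:
        return all(evaluate_statement(s, source_ip, ipsets) for s in stmt["AndStatement"]["Statements"])
    if "OrStatement" in stmt:
        return any(evaluate_statement(s, source_ip, ipsets) for s in stmt["OrStatement"]["Statements"])
    raise ValueError(f"unsupported statement type: {list(stmt)}")


def managed_group_inspects(rule: Dict[str, Any], source_ip: str, ipsets: Dict[str, List[str]]) -> bool:
    """True if the managed rule group would inspect a request from source_ip.
    Without a scope-down statement every request is inspected; with one, only
    requests that match the scope-down statement reach the managed rules."""
    managed = rule["Statement"]["ManagedRuleGroupStatement"]
    scope_down = managed.get("ScopeDownStatement")
    if scope_down is None:
        return True
    return evaluate_statement(scope_down, source_ip, ipsets)


if __name__ == "__main__":
    rule = build_anonymous_ip_rule(IPSET_ARN)
    ipsets = {IPSET_ARN: EXCLUDED_CIDRS}
    for ip in ("203.0.113.7", "198.51.100.10", "192.0.2.44"):
        print(ip, "inspected by managed group:", managed_group_inspects(rule, ip, ipsets))
```

The site owner would create the IPSet from `build_ip_set_request(...)`, take the returned ARN, and add the rule from `build_anonymous_ip_rule(...)` to the WebACL with `aws wafv2 update-web-acl` (which needs the current `LockToken` from `get-web-acl`). Because the scope-down statement is evaluated before the managed group, an excluded source IP never reaches HostingProviderIPList at all; other rules in the WebACL still apply to it, so the exemption is narrow rather than a blanket allow.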
I was worried that might be the case, I'll have to see about doing that. I was hoping there would be some kind of standardized method to publish information for ingest that would mark the IPs in question as 'end user' IP addresses or something like that. We have done rDNS work and location data for the IPs but nothing seems aimed at this kind of thing. A lot of cloud providers and service/app providers seem to just do whatever they want in cases like this and seldom have a good option to fix it when it goes wrong.
I have finally had some success on this issue. After a few weeks working on a ticket with AWS support, they finally acknowledged that they CAN check whether my IP addresses were on the Anonymous or Hosting Service IP lists and confirmed they were not, but they could not indicate why they were being blocked. Eventually I had to deal with each individual website/app to get some IPs unblocked. It was frustrating that it took AWS support weeks to admit they could check the lists for my IPs when at first they denied the ability to do so.