[AusNOG] AWS CloudFront Issues
Robert Hudson
hudrob at gmail.com
Mon Feb 10 09:01:54 AEDT 2025
I agree that AWS shouldn't need to worry about the IPs - but as much as it
should t be the case in theory, in practice is is the case.
This is burning my employer badly. I'm actually not interested in blame
(the fact AWS attached IPs with a bad reputation to our services is a fact,
they themselves acknowledge it and have removed them) but rather just in a
fix. I appreciate your offer to assist, I've reached out.
On Mon, 10 Feb 2025, 8:45 am Lincoln Dale, <ltd at interlink.com.au> wrote:
>
> On Mon, Feb 10, 2025 at 7:43 AM Robert Hudson <hudrob at gmail.com> wrote:
>
>> Doesn't make it easier though when certain providers spread the problem
>> around by re-using compromised IPs.
>>
>
> The fault here lies with VirusTotal (likely actually Google, its parent)
> who are doing outmoded/outdated attaching "trust" to an IP address.
> Specifically, since RFC 2817 (almost 25 ago) one has not needed to use a
> "dedicated IP per SSL certificate". And assigning reputation on an IP of
> what is clearly a CDN is going to have its issues.
>
> There is no such thing here as a "compromised IP". The reputation for the
> IP is "This IP address has been detected as a proxy connection, which could
> be hurting your IP reputation", which is pretty much the definition of a
> CDN. The reality is CDNs as a general rule don't dedicate IPs to domains or
> customers, because there's way more domains than there are IP addresses
> allocated to serve them.
> I found the ticket internally, looks resolved, reach out if any issues.
>
>
> On Sun, Feb 9, 2025 at 9:20 PM Mitch Kelly <mitchkelly24 at gmail.com> wrote:
>
>> Sadly also having issues with CloudFront. Issues started to show their
>>>> head Tuesday last week and have been getting worse. With many sites not
>>>> working at all.
>>>>
>>> Not aware of any widespread issue.
> Same offer as to Robert, if you are looking for assistance, send it though
> to me.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ausnog.net/pipermail/ausnog/attachments/20250210/8b3e3705/attachment.htm>
More information about the AusNOG
mailing list