nanog mailing list archives
Re: Amazon AWS cloudfront WAF block
From: John Curran via NANOG <nanog () lists nanog org>
Date: Sun, 1 Jun 2025 08:31:32 -0400
Out of curiosity, is there a reasonably clear document somewhere that describes how such network-level block
lists should be operated from the view of network operators; i.e., a “best practice” statement that outlines the
expectations regarding how a well-run network-level access list should go about adding entries, handle queries
about veracity of entries, and removing them? (I honestly do not know, having been removed from network
operations for quite some time.)
I note that having such expectations clearly documented allows for a variety of activities, including discussions of
compliance – and is the first step to recasting the issue from “my network is having problems because it’s {wrongly}
on the FooBlockList” to “The issue is that FooBlockList isn’t compliant with accepted best practices in this area.”
/John
On May 29, 2025, at 9:18 PM, Tom Beecher via NANOG <nanog () lists nanog org> wrote:

> > I cannot fathom how citing some cases and section 230 will help the original poster get a hold of someone at Amazon and/or resolve their issue.
>
> It won't, no. But not much else will either.
>
> AWS default WAF lists are notoriously bad. They often include things they shouldn't. If you are an AWS customer they'll tell you to make your own edits to fix these problems. If you aren't (as in the OP's case), they won't even really talk to you, as the OP experienced. It's of course exceptionally frustrating when you're in the OP's shoes with this stuff, but this is the unfortunate reality when people chose to use ass products like this.
>
> On Thu, May 29, 2025 at 3:52 PM Mu via NANOG <nanog () lists nanog org> wrote:
>
> > On Thursday, May 29th, 2025 at 3:35 PM, John Levine via NANOG <nanog () lists nanog org> wrote:
> >
> > > It appears that William Herrin via NANOG nanog () lists nanog org said:
> > >
> > > > On Thu, May 29, 2025 at 10:57 AM Andrew Kirch trelane () trelane net wrote:
> > > >
> > > > > (A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected
> > > >
> > > > Hi Andrew, The key phrase here is "taken in good faith." After I've notified you of an error, your action stops being good faith.
> > >
> > > Uh, no. I have no duty to believe what you claim.
> > >
> > > Having looked at a lot of case law I can tell you that the only case where a court did not find good faith was a strange one where one anti-malware service listed another (for what looked like good reasons) and a court assumed that since they were direct competitors it wasn't good faith. Other than that, if I think your traffic is objectionable, I can reject it.
> > >
> > > See https://blog.ericgoldman.org/archives/2024/06/this-case-keeps-wrecking-internet-law-enigma-v-malwarebytes.htm
> > >
> > > In practice, threatening to sue Amazon is a dumb thing to do because they have far more lawyers and experience and money than you do. This is obviously a screwup and figuring out who to ask nicely is far more likely to work than sending threats you can't actually carry out.
> > >
> > > R's, John
> > >
> > > PS: Wasn't the original question from someone in South Africa? I have no idea what their law is like, or if Amazon even has enough presence there to sue.
> > > _______________________________________________
> > > NANOG mailing list
> > > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/QGOVMLWJ36MZ3V5PZAZK3DH3PQKBRN5W/
> >
> > Respectfully, is anyone here an actual lawyer giving legal advice? If not, can we maybe just suggest that everyone consults with their own lawyers about what actions they do or do not want to take?
> >
> > Obviously the original comment about sending a legal letter was made out of frustration because reaching an actual human at some of these megacorps is often like pulling teeth. I don't blame them for being frustrated. With that said, I cannot fathom how citing some cases and section 230 will help the original poster get a hold of someone at Amazon and/or resolve their issue.
> >
> > -mu
> > _______________________________________________
> > NANOG mailing list
> > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/WQOPS73CIQFM725J4N3BW44T6KCQPQ72/
>
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/SD7KRQCPJYEQWDT7BJSAN2UE7FDEA3QQ/
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog () lists nanog org/message/D6P5YA2WT5EKFUPS3FMN2CL73AHU5Z57/
