Re: Amazon AWS cloudfront WAF block

[Tom Beecher via NANOG <nanog () lists nanog org>]

>  I cannot fathom how citing some cases and section 230 will help the
> original poster get a hold of someone at Amazon and/or resolve their issue.


It won't, no. But not much else will either.

AWS default WAF lists are notoriously bad. They often include things they
shouldn't. If you are an AWS customer they'll tell you to make your own
edits to fix these problems. If you aren't (as in the OP's case ), they
won't even really talk to you, as the OP experienced.

It's of course exceptionally frustrating when you're in the OP's shoes with
this stuff, but this is the unfortunate reality when people chose to use
ass products like this.

On Thu, May 29, 2025 at 3:52 PM Mu via NANOG <nanog () lists nanog org> wrote:

> On Thursday, May 29th, 2025 at 3:35 PM, John Levine via NANOG <
> nanog () lists nanog org> wrote:
>
> > It appears that William Herrin via NANOG nanog () lists nanog org said:
> >
> > > On Thu, May 29, 2025 at 10:57 AM Andrew Kirch trelane () trelane net
> wrote:
> > > > (A)any action voluntarily taken in good faith to restrict access to
> > > > or availability of material that the provider or user considers to be
> > > > obscene, lewd, lascivious, filthy, excessively violent, harassing,
> > > > or otherwise objectionable, whether or not such material is
> > > > constitutionally protected
> > >
> > > Hi Andrew,
> > >
> > > The key phrase here is "taken in good faith." After I've notified you
> > > of an error, your action stops being good faith.
> >
> >
> > Uh, no. I have no duty to believe what you claim.
> >
> > Having looked at a lot of case law I can tell you that the only case
> where a
> > court did not find good faith was a strange one where one anti-malware
> service
> > listed another (for what looked like good reasons) and a court assumed
> that
> > since they were direct competitors it wasn't good faith. Other than
> that, if I
> > think your traffic is objectionable, I can reject it.
> >
> > See
> https://blog.ericgoldman.org/archives/2024/06/this-case-keeps-wrecking-internet-law-enigma-v-malwarebytes.htm
> > In practice, threatening to sue Amazon is a dumb thing to do because
> they have
> > far more lawyers and experience and money than you do. This is obviously
> a
> > screwup and figuring out who to ask nicely is far more likely to work
> than
> > sending threats you can't actually carry out.
> >
> > R's,
> > John
> >
> > PS: Wasn't the original question from someone in South Africa? I have no
> idea
> > what their law is like, or if Amazon even has enough presence there to
> sue.
> > _______________________________________________
> > NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/QGOVMLWJ36MZ3V5PZAZK3DH3PQKBRN5W/
>
> Respectfully, is anyone here an actual lawyer giving legal advice?
>
> If not, can we maybe just suggest that everyone consults with their own
> lawyers about what actions they do or do not want to take?
>
> Obviously the original comment about sending a legal letter was made out
> of frustration because reaching an actual human at some of these megacorps
> is often like pulling teeth. I don't blame them for being frustrated. With
> that said, I cannot fathom how citing some cases and section 230 will help
> the original poster get a hold of someone at Amazon and/or resolve their
> issue.
>
> -mu
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/WQOPS73CIQFM725J4N3BW44T6KCQPQ72/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/SD7KRQCPJYEQWDT7BJSAN2UE7FDEA3QQ/