Verification of json file failed because queries were made from IPs originating from AWS-AWSManagedRulesAnonymousIpList

[pjaskierny-wbd]

We added out RWS configuration GoogleChrome/related-website-sets#278 and some of your requests failed 403 becacuse your requests were initiated from IPs which are on the AWSManagedRulesAnonymousIpList. This is a security rule that blocks traffic from anonymous IP addresses.

Can we ask for verification from IPs that are not from the "anonymous IPs" list?

[sjledoux]

The checks run on a GitHub server, which may be directing its traffic through a proxy and causing this issue. We're looking into a solution now, and we'll update when we find one.

[pjaskierny-wbd]

In the meantime, are you able to provide a pool of IP addresses dedicated to performing checks? If this pool is dedicated to you for checks we can add the IP to the exception list until a solution is found on your side.

[sjledoux]

Hi, GitHub offers this list of IPs that its runners use. In particular, the "actions" list would be relevant to this case. We also have some internal checks we do, so we may have to check if those cause issues with the AnonymousIP list as well, which we will update you on.

[pjaskierny-wbd]

@sjledoux : any updates about solution on your side? Can you estimate any dates?

[sjledoux]

Hi, have you been able to allowlist those IP addresses? Otherwise, I don't believe we have a long term solution at the moment.

[pjaskierny-wbd]

Hi, we are working with allowlist for delivered IPs. I will give update when we will finish it ;-)

[dgrochowiecki]

Hello @sjledoux , we are facing similar issue, and creating whitelist rules for more than 4k IP's is not the right solution, because it will significantly increase your WAF costs, is there any other way to identify verification requests? for example header verifificstion etc?

[plunker2025]

We added out RWS configuration GoogleChrome/related-website-sets#278 and some of your requests failed 403 becacuse your requests were initiated from IPs which are on the AWSManagedRulesAnonymousIpList. This is a security rule that blocks traffic from anonymous IP addresses.

Can we ask for verification from IPs that are not from the "anonymous IPs" list?

[plunker2025]

@sjledoux : any updates about solution on your side? Can you estimate any dates?

Yes if we can look with Google id developpement can be add solutions to see wen defferent device or Web hook can be retrace with token not cookie something in That way