PSA - Hosting SHAKEN cert behind Cloudflare

We were notified that some validators were unable to pull our cert which is hosted behind Cloudflare. I believe the fix is to create a WAF rule to match when the User Agent contains "Java/1.8.0" and then choose the Skip action. Please share if anyone has any better tips for WAF rules for this scenario. I was seeing Bandwidth, TransUnion, and Level3 getting blocked. TransUnion gave me the heads up and mentioned they saw it with other carriers lately also.

For Cloudflare we had to set a Page Rule on the cert page / site: Browser Integrity Check: Off

On Sat, Jul 15, 2023 at 6:54 PM Jared Geiger via VoiceOps <voiceops at voiceops.org> wrote:
> We were notified that some validators were unable to pull our cert which is hosted behind Cloudflare.
> I believe the fix is to create a WAF rule to match when the User Agent contains "Java/1.8.0" and then choose the Skip action.
> Please share if anyone has any better tips for WAF rules for this scenario.
> I was seeing Bandwidth, TransUnion, and Level3 getting blocked.
> TransUnion gave me the heads up and mentioned they saw it with other carriers lately also.
participants (2)
- compuwizz@gmail.com
- karl@piratel.com
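
One way to confirm either change from the validator's side, as an added example that is not from the thread participants: fetch the certificate URL with a Java-style User-Agent and check that the body is a PEM certificate chain rather than an HTML challenge or block page. The function names and the `UA` value are hypothetical (the thread only gives the substring "Java/1.8.0"), and `curl` is assumed to be installed.

```shell
#!/bin/sh
# Added example: check that a SHAKEN certificate URL is served to a Java-style client.
# UA is a constructed sample value containing the substring named in the thread.
UA="Java/1.8.0_000"

# looks_like_pem_chain FILE
# Succeeds only if FILE holds one or more complete PEM CERTIFICATE blocks and
# nothing else, so an HTML challenge or block page fails the check.
looks_like_pem_chain() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ { if (inside) bad = 1; inside = 1; next }
        /^-----END CERTIFICATE-----$/   { if (!inside) bad = 1; inside = 0; certs++; next }
        inside     { if ($0 !~ "^[A-Za-z0-9+/=]+$") bad = 1; next }  # base64 only
        /^[ \t]*$/ { next }                      # blank lines between certificates
        { bad = 1 }                              # anything else, e.g. HTML
        END { exit ((bad || inside || certs == 0) ? 1 : 0) }
    ' "$1"
}

# check_cert_url URL
# Fetches URL with the Java-style User-Agent and reports what a validator would receive.
check_cert_url() {
    body=$(mktemp) || return 2
    status=$(curl -sS -A "$UA" -o "$body" -w '%{http_code}' "$1") || status="000"
    if [ "$status" = "200" ] && looks_like_pem_chain "$body"; then
        echo "OK: $1 returned a PEM certificate chain"
        rc=0
    else
        echo "FAIL: $1 returned HTTP $status or a body that is not a PEM chain"
        rc=1
    fi
    rm -f "$body"
    return "$rc"
}

# Run the live check only when a URL is passed on the command line.
if [ "$#" -gt 0 ]; then
    check_cert_url "$1"
fi
```

Run it with the certificate URL as the only argument, from a host outside your own network, before and after changing the Cloudflare rule.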