cancel
Showing results for 
Search instead for 
Did you mean: 

sites via akamai not working

FIXED
adflyer
Dabbler
Posts: 16
Thanks: 4
Fixes: 1
Registered: ‎27-02-2019

sites via akamai not working

Hi, my PlusNet broadband is largely working just fine (has been for years), except over the last couple of days I've started seeing odd "Access Denied", timeout errors etc to some sites (e.g. tui.co.uk, ba.com and today tesco.com) meaning they can't be used at all. Same result on different browsers, devices etc. I've tried all the usual clearing cookies, browser data etc, rebooting router and modem no difference.

I can ping all these sites and they all resolve to axxx-xxx-xxx-xxx.deploy.static.akamaitechnologies.com addresses.

I have a static IP address. It looks as though akamai somehow doesn't like my PlusNet ip address any more. 

I tried https://www.akamai.com/us/en/clientrep-lookup/ to see if the IP address had a bad reputation - it just replied "The IP Address 80.229.xxx.xxx did not receive a bad risk score."

Any idea where I can go to get this resolved?

33 REPLIES 33
Dan_the_Van
Hero
Posts: 3,088
Thanks: 1,523
Fixes: 90
Registered: ‎25-06-2007

Re: sites via akamai not working

@adflyer 

My static public IP Address is 80.229.xxx.xxx, current default gateway 195.166.130.254, I use plusnet DNS

I have a BA account, found my account locked but was able to login with my wife's account.

After unlocking my account I can now login using my details

I do not have accounts at Tesco or TUI but I can reach the sites

adflyer
Dabbler
Posts: 16
Thanks: 4
Fixes: 1
Registered: ‎27-02-2019

Re: sites via akamai not working

Thanks @Dan_the_Van for looking, I can't even see the websites, let alone get anywhere near a login page!

I've been through the Plusnet telephone Support and they found that my IP Address is appearing on a blacklist at Spamhaus. I've managed to clear that using their online tool.

I've also found it listed on https://whatismyipaddress.com/blacklist-check where it shows an entry on a blacklist at dnsbl.sorbs.net

I'm in the process of understanding that right now.

I still can't access any of those website though...

tbc...

Dan_the_Van
Hero
Posts: 3,088
Thanks: 1,523
Fixes: 90
Registered: ‎25-06-2007

Re: sites via akamai not working

I've also found it listed on https://whatismyipaddress.com/blacklist-check where it shows an entry on a blacklist at dnsbl.sorbs.net

Well I've just checked, I also see a dnsbl.sorbs.net entry, which might suggest the IP Address range https://ipinfo.io/AS6871/80.229.0.0/16 

 

MisterW
Superuser
Superuser
Posts: 16,218
Thanks: 6,196
Fixes: 447
Registered: ‎30-07-2007

Re: sites via akamai not working

No problem reaching any of those sites from an 80.229.xxx.xxx IP. Sucessfully logged in to a tesco.com account.

My DNS is set to OpenDNS though.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

adflyer
Dabbler
Posts: 16
Thanks: 4
Fixes: 1
Registered: ‎27-02-2019

Re: sites via akamai not working

Thanks @Dan_the_Van for looking that up, it's useful to know that you're seeing the same block at dnsbl.sorbs.net too - I'll not pursue trying to do anything more about that in that case...

And thanks too @MisterW , I still can't see any of those sites though. I'd also tried different DNS configs earlier (was using 8.8.8.8, switched to PlusNet's to try that), but that didn't bring them back to life. I was content that DNS wasn't a problem as ping was managing to resolve the websites to akamaitechnologies.com hosts. But, just to be doubly sure, I've just switched to OpenDNS, with no change.

I'll leave it for a while, maybe removal of the Spamhaus block will take a while to propagate to individual websites as they periodically pick up updated blocklists??? (If it will ever make any difference? If you'd have asked me, I'd have associated Spamhaus with spam prevention, not sure why it should block my access to https: websites?)

Meanwhile, if anyone else knows of any other IP blocklists to try, I'm up for suggestions!!!

I'm imagining that I'm not going to get anywhere trying to contact Support lines for the individual websites themselves...

MisterW
Superuser
Superuser
Posts: 16,218
Thanks: 6,196
Fixes: 447
Registered: ‎30-07-2007

Re: sites via akamai not working

Pretty sure that the sorbs block is only in relation to smtp relay i.e if you are running your own mail server

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

adflyer
Dabbler
Posts: 16
Thanks: 4
Fixes: 1
Registered: ‎27-02-2019

Re: sites via akamai not working

Should I be paranoid?

https://www.ipqualityscore.com/ip-reputation-check for my IP address says ...

80.229.xxx.xxx Risk Summary

Suspicious - This IP address is exhibiting questionable and suspicious behavior. We would recommend passing more user data through our API to produce a more accurate risk analysis of the user's quality.
 
Could this be my problem? (I'm not using a VPN, even though it says "Proxy/VPN Proxy/VPN Detected This IP address appears to be a low risk proxy connection.")
adflyer
Dabbler
Posts: 16
Thanks: 4
Fixes: 1
Registered: ‎27-02-2019

Re: sites via akamai not working

oh joy... and Argos too....

Access Denied

You don't have permission to access "http://www.argos.co.uk/" on this server.

Reference #18.e3e1202.1714326513.120f85f3

https://errors.edgesuite.net/18.e3e1202.1714326513.120f85f3

$ ping www.argos.co.uk
PING e125063.b.akamaiedge.net (2.18.63.19) 56(84) bytes of data.
64 bytes from a2-18-63-19.deploy.static.akamaitechnologies.com (2.18.63.19): icmp_seq=1 ttl=55 time=21.6 ms

$ wget --debug "www.argos.co.uk"
DEBUG output created by Wget 1.21 on linux-gnu.

URI encoding = 'ANSI_X3.4-1968'
converted 'http://www.argos.co.uk' (ANSI_X3.4-1968) -> 'http://www.argos.co.uk' (UTF-8)
Converted file name 'index.html' (UTF-8) -> 'index.html' (ANSI_X3.4-1968)
--2024-04-28 18:52:26-- http://www.argos.co.uk/
Resolving www.argos.co.uk (www.argos.co.uk)... 2.18.63.50, 2.18.63.55, 2.18.63.43, ...
Caching www.argos.co.uk => 2.18.63.50 2.18.63.55 2.18.63.43 2.18.63.52 2.18.63.53 2.18.63.40 2.18.63.57 2.18.63.39 2.18.63.38
Connecting to www.argos.co.uk (www.argos.co.uk)|2.18.63.50|:80... connected.
Created socket 3.
Releasing 0x000055934a865700 (new refcount 1).

---request begin---
GET / HTTP/1.1
User-Agent: Wget/1.21
Accept: */*
Accept-Encoding: identity
Host: www.argos.co.uk
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 403 Forbidden
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 373
Expires: Sun, 28 Apr 2024 17:52:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 28 Apr 2024 17:52:26 GMT
Connection: close
Set-Cookie: analytics_channel=ecomm; expires=Mon, 31-Dec-2038 23:59:59 GMT; path=/
Set-Cookie: mdr_browser=Akamai; expires=Sun, 28-Apr-2024 19:52:26 GMT; path=/; domain=.argos.co.uk
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Set-Cookie: akavpau_vpc_gcd=1714327346~id=afcc32e3145170ba31b69f8894efa564; Path=/; HttpOnly
X-Frame-Options: SAMEORIGIN
x-akm-dxc-parent: true
x-akm-hmp-default: true
Timing-Allow-Origin: https://s.go-mpulse.net,https://s2.go-mpulse.net
Akamai-GRN: 0.323e1202.1714326746.24228b6e
x-argos-brand: arg
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://www.argos.co.uk/logging-api/2/security
Server-Timing: ak_p; desc="1714326746912_34750002_606243694_18_14965_11_0_-";dur=1

---response end---
403 Forbidden

Stored cookie www.argos.co.uk -1 (ANY) / <permanent> <insecure> [expiry 2038-12-31 23:59:59] analytics_channel ecomm
cdm: 1

Stored cookie argos.co.uk -1 (ANY) / <permanent> <insecure> [expiry 2024-04-28 20:52:26] mdr_browser Akamai

Stored cookie www.argos.co.uk -1 (ANY) / <session> <insecure> [expiry none] akavpau_vpc_gcd 1714327346~id=afcc32e3145170ba31b69f8894efa564
Closed fd 3
2024-04-28 18:52:26 ERROR 403: Forbidden.

Champnet
Aspiring Hero
Posts: 2,899
Thanks: 1,088
Fixes: 15
Registered: ‎25-07-2007

Re: sites via akamai not working

I'm failing to see the relevance of akamaiedge, Is it a DNS sustitute ?

Can you not disable or bypass it ?

 

Dan_the_Van
Hero
Posts: 3,088
Thanks: 1,523
Fixes: 90
Registered: ‎25-06-2007

Re: sites via akamai not working

@adflyer 

Have you tried a browser in 'private/incognito' mode?

what if you try a telnet connection to one of the sites, you may need to add telnet app or enable depending on OS

telnet www.tui.co.uk 443 (443 for https or 80 for http)

:~$ telnet www.tui.co.uk 443
Trying 92.122.54.81...
Connected to e38537.dsca.akamaiedge.net.
Escape character is '^]'.

HTH

greygit1
Aspiring Pro
Posts: 411
Thanks: 56
Fixes: 1
Registered: ‎26-06-2023

Re: sites via akamai not working

It appears to me that DNS resolution for adflyer aren't functioning as it is for others.

Argos resolves to an Akamai allocated IPv4 address, but in a different IPv4 allocation.

I'm off to scratch my head a bit more

greygit1
Aspiring Pro
Posts: 411
Thanks: 56
Fixes: 1
Registered: ‎26-06-2023

Re: sites via akamai not working

My thoughts are now that it could be local caching of DNS resolutions. I could be wrong, but that's the way I'm seeing it at the moment.

adflyer
Dabbler
Posts: 16
Thanks: 4
Fixes: 1
Registered: ‎27-02-2019

Re: sites via akamai not working

Thanks for the suggestions:

incognito: still get no response / 403 error etc, as normal browser

Yes, I can connect to telnet, but as I then don't know how to manually speak http, it just disconnects me after a few seconds, but then isn't that essentially what wget --debug is showing for me? It's connecting, issuing an http request, but gets a 403 forbidden response back (from some of them, tesco.com just does nothing until it times out).

I've tried various dns flushing commands on various machines (not to mention reboots, that are the ultimate flush!), with no joy.

linux dig reports:

dig www.argos.co.uk

; <<>> DiG 9.16.44-Debian <<>> www.argos.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6028
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.argos.co.uk. IN A

;; ANSWER SECTION:
www.argos.co.uk. 891 IN CNAME www.argos.co.uk.edgekey.net.
www.argos.co.uk.edgekey.net. 891 IN CNAME e125063.b.akamaiedge.net.
e125063.b.akamaiedge.net. 18 IN A 2.23.210.139
e125063.b.akamaiedge.net. 18 IN A 2.23.210.153

;; Query time: 23 msec
;; SERVER: 212.159.6.9#53(212.159.6.9)
;; WHEN: Sun Apr 28 21:45:13 BST 2024
;; MSG SIZE rcvd: 152

This is using Plusnet's DNS (212.159.6.9), essentially the same using any DNS you care to configure it for...

An online dig, such as https://www.ipvoid.com/dig-dns-lookup/  does essentially the same...

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6491
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.argos.co.uk. IN A

;; ANSWER SECTION:
www.argos.co.uk. 10442 IN CNAME www.argos.co.uk.edgekey.net.
www.argos.co.uk.edgekey.net. 8159 IN CNAME e125063.b.akamaiedge.net.
e125063.b.akamaiedge.net. 20 IN A 2.16.11.57
e125063.b.akamaiedge.net. 20 IN A 2.16.11.75

To me, what i've seen is that Akamai is a CDN / edge computing provider that's sitting in front of these big websites, hence why their domain names are resolving to Akamai addresses. I can't see that there's any way of bypassing Akamai, it's essentially the webhost for them?

It's just that for some unknown reason, Akamai has decided to refuse to deal with my ip address (and it turns out, others too, e.g. community.bt.com), yet their reputation tool, https://www.akamai.com/us/en/clientrep-lookup/ , says it's not a bad risk!? confused...

Dan_the_Van
Hero
Posts: 3,088
Thanks: 1,523
Fixes: 90
Registered: ‎25-06-2007

Re: sites via akamai not working

@adflyer 

OS "Linux Mint 21.3"

I have attached a txt file with the results for wget --debug and dig for www.argos.com for your comparison.

I take it you have no issues using a mobile phone as a wireless hotspot or VPN to prove this issue is with your broadband public IP Address?

I see the BT thread you linked has not been marked as fixed.