sites via akamai not working
FIXED- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- sites via akamai not working
28-04-2024 11:23 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi, my PlusNet broadband is largely working just fine (has been for years), except over the last couple of days I've started seeing odd "Access Denied", timeout errors etc to some sites (e.g. tui.co.uk, ba.com and today tesco.com) meaning they can't be used at all. Same result on different browsers, devices etc. I've tried all the usual clearing cookies, browser data etc, rebooting router and modem no difference.
I can ping all these sites and they all resolve to axxx-xxx-xxx-xxx.deploy.static.akamaitechnologies.com addresses.
I have a static IP address. It looks as though akamai somehow doesn't like my PlusNet ip address any more.
I tried https://www.akamai.com/us/en/clientrep-lookup/ to see if the IP address had a bad reputation - it just replied "The IP Address 80.229.xxx.xxx did not receive a bad risk score."
Any idea where I can go to get this resolved?
Fixed! Go to the fix.
Re: sites via akamai not working
28-04-2024 12:02 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
My static public IP Address is 80.229.xxx.xxx, current default gateway 195.166.130.254, I use plusnet DNS
I have a BA account, found my account locked but was able to login with my wife's account.
After unlocking my account I can now login using my details
I do not have accounts at Tesco or TUI but I can reach the sites
Re: sites via akamai not working
28-04-2024 12:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks @Dan_the_Van for looking, I can't even see the websites, let alone get anywhere near a login page!
I've been through the Plusnet telephone Support and they found that my IP Address is appearing on a blacklist at Spamhaus. I've managed to clear that using their online tool.
I've also found it listed on https://whatismyipaddress.com/blacklist-check where it shows an entry on a blacklist at dnsbl.sorbs.net
I'm in the process of understanding that right now.
I still can't access any of those website though...
tbc...
Re: sites via akamai not working
28-04-2024 12:26 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I've also found it listed on https://whatismyipaddress.com/blacklist-check where it shows an entry on a blacklist at dnsbl.sorbs.net
Well I've just checked, I also see a dnsbl.sorbs.net entry, which might suggest the IP Address range https://ipinfo.io/AS6871/80.229.0.0/16
Re: sites via akamai not working
28-04-2024 12:30 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
No problem reaching any of those sites from an 80.229.xxx.xxx IP. Sucessfully logged in to a tesco.com account.
My DNS is set to OpenDNS though.
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: sites via akamai not working
28-04-2024 12:58 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks @Dan_the_Van for looking that up, it's useful to know that you're seeing the same block at dnsbl.sorbs.net too - I'll not pursue trying to do anything more about that in that case...
And thanks too @MisterW , I still can't see any of those sites though. I'd also tried different DNS configs earlier (was using 8.8.8.8, switched to PlusNet's to try that), but that didn't bring them back to life. I was content that DNS wasn't a problem as ping was managing to resolve the websites to akamaitechnologies.com hosts. But, just to be doubly sure, I've just switched to OpenDNS, with no change.
I'll leave it for a while, maybe removal of the Spamhaus block will take a while to propagate to individual websites as they periodically pick up updated blocklists??? (If it will ever make any difference? If you'd have asked me, I'd have associated Spamhaus with spam prevention, not sure why it should block my access to https: websites?)
Meanwhile, if anyone else knows of any other IP blocklists to try, I'm up for suggestions!!!
I'm imagining that I'm not going to get anywhere trying to contact Support lines for the individual websites themselves...
Re: sites via akamai not working
28-04-2024 1:05 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Pretty sure that the sorbs block is only in relation to smtp relay i.e if you are running your own mail server
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: sites via akamai not working
28-04-2024 2:33 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Should I be paranoid?
https://www.ipqualityscore.com/ip-reputation-check for my IP address says ...
80.229.xxx.xxx Risk Summary
Re: sites via akamai not working
28-04-2024 6:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
oh joy... and Argos too....
Access Denied
You don't have permission to access "http://www.argos.co.uk/" on this server.
Reference #18.e3e1202.1714326513.120f85f3
https://errors.edgesuite.net/18.e3e1202.1714326513.120f85f3
$ ping www.argos.co.uk
PING e125063.b.akamaiedge.net (2.18.63.19) 56(84) bytes of data.
64 bytes from a2-18-63-19.deploy.static.akamaitechnologies.com (2.18.63.19): icmp_seq=1 ttl=55 time=21.6 ms
$ wget --debug "www.argos.co.uk"
DEBUG output created by Wget 1.21 on linux-gnu.
URI encoding = 'ANSI_X3.4-1968'
converted 'http://www.argos.co.uk' (ANSI_X3.4-1968) -> 'http://www.argos.co.uk' (UTF-8)
Converted file name 'index.html' (UTF-8) -> 'index.html' (ANSI_X3.4-1968)
--2024-04-28 18:52:26-- http://www.argos.co.uk/
Resolving www.argos.co.uk (www.argos.co.uk)... 2.18.63.50, 2.18.63.55, 2.18.63.43, ...
Caching www.argos.co.uk => 2.18.63.50 2.18.63.55 2.18.63.43 2.18.63.52 2.18.63.53 2.18.63.40 2.18.63.57 2.18.63.39 2.18.63.38
Connecting to www.argos.co.uk (www.argos.co.uk)|2.18.63.50|:80... connected.
Created socket 3.
Releasing 0x000055934a865700 (new refcount 1).
---request begin---
GET / HTTP/1.1
User-Agent: Wget/1.21
Accept: */*
Accept-Encoding: identity
Host: www.argos.co.uk
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 403 Forbidden
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 373
Expires: Sun, 28 Apr 2024 17:52:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 28 Apr 2024 17:52:26 GMT
Connection: close
Set-Cookie: analytics_channel=ecomm; expires=Mon, 31-Dec-2038 23:59:59 GMT; path=/
Set-Cookie: mdr_browser=Akamai; expires=Sun, 28-Apr-2024 19:52:26 GMT; path=/; domain=.argos.co.uk
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Set-Cookie: akavpau_vpc_gcd=1714327346~id=afcc32e3145170ba31b69f8894efa564; Path=/; HttpOnly
X-Frame-Options: SAMEORIGIN
x-akm-dxc-parent: true
x-akm-hmp-default: true
Timing-Allow-Origin: https://s.go-mpulse.net,https://s2.go-mpulse.net
Akamai-GRN: 0.323e1202.1714326746.24228b6e
x-argos-brand: arg
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://www.argos.co.uk/logging-api/2/security
Server-Timing: ak_p; desc="1714326746912_34750002_606243694_18_14965_11_0_-";dur=1
---response end---
403 Forbidden
Stored cookie www.argos.co.uk -1 (ANY) / <permanent> <insecure> [expiry 2038-12-31 23:59:59] analytics_channel ecomm
cdm: 1
Stored cookie argos.co.uk -1 (ANY) / <permanent> <insecure> [expiry 2024-04-28 20:52:26] mdr_browser Akamai
Stored cookie www.argos.co.uk -1 (ANY) / <session> <insecure> [expiry none] akavpau_vpc_gcd 1714327346~id=afcc32e3145170ba31b69f8894efa564
Closed fd 3
2024-04-28 18:52:26 ERROR 403: Forbidden.
Re: sites via akamai not working
28-04-2024 7:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I'm failing to see the relevance of akamaiedge, Is it a DNS sustitute ?
Can you not disable or bypass it ?
Re: sites via akamai not working
28-04-2024 7:53 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Have you tried a browser in 'private/incognito' mode?
what if you try a telnet connection to one of the sites, you may need to add telnet app or enable depending on OS
telnet www.tui.co.uk 443 (443 for https or 80 for http)
:~$ telnet www.tui.co.uk 443
Trying 92.122.54.81...
Connected to e38537.dsca.akamaiedge.net.
Escape character is '^]'.
HTH
Re: sites via akamai not working
28-04-2024 8:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It appears to me that DNS resolution for adflyer aren't functioning as it is for others.
Argos resolves to an Akamai allocated IPv4 address, but in a different IPv4 allocation.
I'm off to scratch my head a bit more
Re: sites via akamai not working
28-04-2024 9:09 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
My thoughts are now that it could be local caching of DNS resolutions. I could be wrong, but that's the way I'm seeing it at the moment.
Re: sites via akamai not working
28-04-2024 10:09 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks for the suggestions:
incognito: still get no response / 403 error etc, as normal browser
Yes, I can connect to telnet, but as I then don't know how to manually speak http, it just disconnects me after a few seconds, but then isn't that essentially what wget --debug is showing for me? It's connecting, issuing an http request, but gets a 403 forbidden response back (from some of them, tesco.com just does nothing until it times out).
I've tried various dns flushing commands on various machines (not to mention reboots, that are the ultimate flush!), with no joy.
linux dig reports:
dig www.argos.co.uk
; <<>> DiG 9.16.44-Debian <<>> www.argos.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6028
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.argos.co.uk. IN A
;; ANSWER SECTION:
www.argos.co.uk. 891 IN CNAME www.argos.co.uk.edgekey.net.
www.argos.co.uk.edgekey.net. 891 IN CNAME e125063.b.akamaiedge.net.
e125063.b.akamaiedge.net. 18 IN A 2.23.210.139
e125063.b.akamaiedge.net. 18 IN A 2.23.210.153
;; Query time: 23 msec
;; SERVER: 212.159.6.9#53(212.159.6.9)
;; WHEN: Sun Apr 28 21:45:13 BST 2024
;; MSG SIZE rcvd: 152
This is using Plusnet's DNS (212.159.6.9), essentially the same using any DNS you care to configure it for...
An online dig, such as https://www.ipvoid.com/dig-dns-lookup/ does essentially the same...
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6491
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.argos.co.uk. IN A
;; ANSWER SECTION:
www.argos.co.uk. 10442 IN CNAME www.argos.co.uk.edgekey.net.
www.argos.co.uk.edgekey.net. 8159 IN CNAME e125063.b.akamaiedge.net.
e125063.b.akamaiedge.net. 20 IN A 2.16.11.57
e125063.b.akamaiedge.net. 20 IN A 2.16.11.75
To me, what i've seen is that Akamai is a CDN / edge computing provider that's sitting in front of these big websites, hence why their domain names are resolving to Akamai addresses. I can't see that there's any way of bypassing Akamai, it's essentially the webhost for them?
It's just that for some unknown reason, Akamai has decided to refuse to deal with my ip address (and it turns out, others too, e.g. community.bt.com), yet their reputation tool, https://www.akamai.com/us/en/clientrep-lookup/ , says it's not a bad risk!? confused...
Re: sites via akamai not working
29-04-2024 8:28 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
OS "Linux Mint 21.3"
I have attached a txt file with the results for wget --debug and dig for www.argos.com for your comparison.
I take it you have no issues using a mobile phone as a wireless hotspot or VPN to prove this issue is with your broadband public IP Address?
I see the BT thread you linked has not been marked as fixed.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- sites via akamai not working