arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License
9.54k stars 505 forks

Does anyone know if/which user.js setting this is ... #1432

Closed privacyguy123 closed 2 years ago

privacyguy123 commented 2 years ago

🟥 https://github.com/arkenfox/user.js/wiki/5.2-Troubleshooting

🟪 REQUIRED INFO


fxbrit commented 2 years ago

from your report I don't understand if the website works in a clean firefox profile with no customization at all. have you tried that also?

PS: I cannot reproduce this on my end.

privacyguy123 commented 2 years ago

I find it hard to reproduce myself sometimes - from what I understand digging through Virgin (ISP) forums and Reddit is that it's some short IP ban issued by Akamai (the website's CDN, also flannels.com) for reasons unknown, likely they will not share with us either.

What's doubly strange is that their IP scoring page (https://www.akamai.com/us/en/clientrep-lookup/) reports my IP as "fine" and I can sometimes browse the site, but after a few clicks around while shopping like any normal person I am banned again - "default" profile in safe mode will let me click around and spam F5 without any lockout once the aforementioned IP ban times out, if I try before that I am obviously still locked out regardless of profile/addons/other.

Onfroygmx commented 2 years ago

First: No Firefox customisation can cause a website breakdown! Second: Spend your 600 £ on useful stuff.

privacyguy123 commented 2 years ago

First: No Firefox customisation can cause a website breakdown!

There is literally a wiki section on site breakage https://github.com/arkenfox/user.js/wiki/5.2-Troubleshooting

Second: Spend your 600 £ on useful stuff.

I'd spend £600 on finding out what triggers Akamai's blocker on a modified Firefox 😕

Onfroygmx commented 2 years ago

Buy a book about internet and read it. Cheaper!

fxbrit commented 2 years ago

it's unlikely that a CDN would ban at the IP level over a browser configuration alone. the "Why is Akamai blocking me?" faq also seems to point to DDoS and bot detection which surely would require some volume, so unless you or someone else on your IP address (if you are NATted or behind a VPN) did something weird recently (eg. massive scrape on something hosted at akamai) I doubt they would be blocking the whole IP address, that's overkill.

since this is a server side error anyway, your best bet is to contact the website and akamai and see what's the deal. closing but feel free to keep commenting and we can re-open if new details emerge I guess.

privacyguy123 commented 2 years ago

It's the only explanation I can come up with after ruling out a very long list of other things, one of which an edited user.js is currently not - I'm not saying it definitely is either.

I have ruled out anything "weird" on my connection unfortunately - it is only my laptop, phone and 2 Sky boxes on it and nothing strange showing up on virus scans and/or TCPView/Simplewall logs. Pretty stumped at this one, there is a plethora of Google results on "access denied" on Virgin and Reddit forums however, none seem to offer any kind of fix. What's weird is that my phone connected to data (with EE IP, totally isolated from Virgin router) has received this access denied message before - I don't know how to reproduce this one.

rusty-snake commented 2 years ago

Maybe some pref that changes network behaviour or ETP has any strange effect. Otherwise you can only do a binary search in the user.js to find a cause.

https://github.com/arkenfox/user.js/blob/4ff931781a1bf012e0e7e2ec89dc5c2a9bedd890/user.js#L273-L283

https://github.com/arkenfox/user.js/blob/4ff931781a1bf012e0e7e2ec89dc5c2a9bedd890/user.js#L453-L472

https://github.com/arkenfox/user.js/blob/4ff931781a1bf012e0e7e2ec89dc5c2a9bedd890/user.js#L129-L132
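The binary search suggested in the comment above, as an added example that is not part of the thread or of the arkenfox project's code. The function names and the sample file are constructed for illustration, the `breaks` callback stands in for loading a subset in a fresh profile and checking the site by hand, and the search assumes a single pref is responsible.

```javascript
// Constructed sample user.js text (not taken from any real profile).
const SAMPLE_USER_JS = `
/* 1201: example block comment
 * user_pref("ignored.inside.comment", true); */
user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.tls.enable_0rtt_data", false);
// user_pref("network.dns.disableIPv6", true);
user_pref("intl.accept_languages", "en-US, en");
user_pref("beacon.enabled", false);
`;

// Return the active prefs only: block comments and //-commented lines are
// dropped, and several user_pref() calls on one line are all picked up.
function parseActivePrefs(text) {
  const live = text
    .replace(/\/\*[\s\S]*?\*\//g, "")
    .split("\n")
    .filter((l) => !l.trim().startsWith("//"))
    .join("\n");
  const re = /user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);/g;
  return [...live.matchAll(re)].map((m) => ({ name: m[1], value: m[2], line: m[0] }));
}

// Text of a user.js containing just this subset, for a throwaway test profile.
function renderUserJs(subset) {
  return subset.map((p) => p.line).join("\n") + "\n";
}

// breaks(subset) -> true if the site fails with only these prefs applied.
// If the full set does not reproduce the failure, the cause lies outside
// user.js and culprit is null.
function bisectPrefs(prefs, breaks) {
  let tests = 1;
  if (!breaks(prefs)) return { culprit: null, tests };
  let candidates = prefs;
  while (candidates.length > 1) {
    const half = candidates.slice(0, Math.ceil(candidates.length / 2));
    tests++;
    candidates = breaks(half) ? half : candidates.slice(half.length);
  }
  return { culprit: candidates[0].name, tests };
}
```

Each `breaks` call should use a new profile, since leftover state from an earlier round can skew the next result.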

privacyguy123 commented 2 years ago

Maybe some pref that changes network behaviour or ETP has any strange effect. Otherwise you can only do a binary search in the user.js to find a cause.

user_pref("security.ssl.require_safe_negotiation", true);
user_pref("security.tls.enable_0rtt_data", false);
user_pref("intl.accept_languages", "en-US, en");

I've toggled all of these (except ipv6 because my ISP doesn't support it) and can still get myself blocked by Akamai 😕 - ETP strict on or off irrelevant it seems.

fxbrit commented 2 years ago

I still don't think this is related to the user.js, you also mention you disable RFP which means you are going to be told apart from bots.

it makes sense to reach out to the website and the CDN and see what they have to say. it could be anything and I could think of a thousand tests but ultimately this is a black box with a server side error and no console output (eg. do you change your dns, are you using a firewall, are you natted, is your isp blocking something, is the server having issues, is your OS image compromised, have you been flagged by mistake, was a full ISP range flagged etc).

What's weird is that my phone connected to data (with EE IP, totally isolated from Virgin router) has received this access denied message before

and you don't use the user.js on your phone right?

1201 and 0701 would show an error in the browser, the screenshot is a server side message instead.

Thorin-Oakenpants commented 2 years ago

ultimately this is a black box with a server side

I haven't tested anything, but IMO these sorts of issues are always problematic to replicate or get STR as previous tests can taint the results, i.e. the server is super quick to ban your known IP than say, mine. And once an IP/range is tagged, almost anything could set it off?

fxbrit commented 2 years ago

And once an IP/range is tagged, almost anything could set it off?

yes, if a certain CDN's server replica was under ddos and a certain isp was used as reflector the isp could be under strict rules for a while. me having a different isp and contacting a different replica would probably never result in a trigger. as I said it's almost impossible to predict and test from the outside looking in. (edit: to be clear, this was just a random example to explain why I suggest contacting the website).

the only thing that captured my attention is Windows 10 LTSC 2021, does it have a weird user agent or does it have special changes? but even then I doubt that would result in IP banning, because that is usually triggered by volume as well.

privacyguy123 commented 2 years ago

(eg. do you change your dns, are you using a firewall, are you natted, is your isp blocking something, is the server having issues, is your OS image compromised, have you been flagged by mistake, was a full ISP range flagged etc).

it could be anything and I could think of a thousand tests

I'm all ears, I need ammo to fire at Virgin/Akamai because when I reach out to anybody about this issue it's always "probably your fault" and never gets followed up

and you don't use the user.js on your phone right?

True yes, which is what makes it weird 😕

the only thing that captured my attention is Windows 10 LTSC 2021, does it have a weird user agent or does it have special changes? but even then I doubt that would result in IP banning, because that is usually triggered by volume as well.

Not that I can see, I still show as Windows 21H2

parseword commented 2 years ago

I hope it's OK to comment on a closed issue, as I wanted to provide a bit of input. I experience the same problem (see e.g. here) and I suspect this occurs because the browser isn't firing certain beacons/pixels that Akamai expects "legitimate" eyeball users to load. As a result of the beacons not being triggered, something on Akamai's end is flagging me as a bot and putting my IP into a ruleset their customers use to block "bots."

Whether this is ultimately caused by Firefox settings or DNS-level ad blocking, I haven't determined. If you want to keep digging, you might look in that direction.

privacyguy123 commented 2 years ago

Wow - appreciate your input! If you find anything more let me know - I have tried whitelisting these sites but I guess it's the underlying Akamai IPs/addresses that would need whitelisted right? Do you happen to know what they are?

By beacons do you mean the about:config Firefox setting? If so then what you are saying lends to the idea that this is a user.js related issue ... if not then IP activity related but I'm in the same position as you - there is no strange activity on my home network and I pass the Akamai client reputation test.

fxbrit commented 2 years ago

if you have a lead about beacon (sorry haven't read the link yet) you could try flipping 2602 and test that out.

privacyguy123 commented 2 years ago

if you have a lead about beacon (sorry haven't read the link yet) you could try flipping 2602 and test that out.

Tried that - seems irrelevant unfortunately, but the problem is isolated to the modified Firefox environment - after some input from another Virgin user on Reddit (who can't reproduce any of this) I can rule out ISP AND dnscrypt DNS level blocking as I can reproduce getting blocked after exactly 2 clicks deep on https://www.flannels.com connected to ProtonVPN (which also bypasses anything dnscrypt is doing.)

EDIT: Found this then posted this bug report - cannot reproduce with Dark Reader Dynamic mode off ... what on earth would this be triggering on Akamai's side? Please feel free to follow/add commentary @parseword, perhaps we should continue the conversation there and leave these user.js gentlemen alone. 😄

fxbrit commented 2 years ago

sorry but this is very confusing, how is this relevant if you are not using dark reader in the first place? just like I don't see how the user.js is necessarily involved when you could reproduce it on your smartphone.

what on earth would this be triggering on Akamai's side?

it thinks dark reader is a scraper.

privacyguy123 commented 2 years ago

sorry but this is very confusing, how is this relevant if you are not using dark reader in the first place? just like I don't see how the user.js is necessarily involved when you could reproduce it on your smartphone.

I am using it and Firefox Android supports Dark Reader. 😛 user.js not the issue any more.

what on earth would this be triggering on Akamai's side?

it thinks dark reader is a scraper.

That makes no sense to me but anyway, bug report submitted over there.