trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

Access Denied Message when using Algo: www.Delta.com #803

Closed Orion120 closed 6 years ago

Orion120 commented 6 years ago

OS / Environment

Ubuntu Server

Ansible version

2.4.3.0

Version of components from requirements.txt

setuptools 36.2.5

Summary of the problem

When attempting to connect to https://www.Delta.com I get: Access Denied: You don't have permission to access "http://www.delta.com/" on this server. Reference #18.e0ad717.1518555249.5b6a9378

Steps to reproduce the behavior

Turn on Strongswan client, surf to https://www.delta.com or try to connect by mobile app

The way of deployment (cloud or local)

DO cloud

Expected behavior

Connect to website

Actual behavior

Access Denied message

Full log

N/A

If I use algo I get the Access Denied message. If I use OpenVPN I do not get the Message. If I disconnect Strongswan Client from server I do not get Access Denied message. All other websites seem to be fine with Algo VPN

davidemyers commented 6 years ago

What I believe is happening is that Delta has chosen to use an Akamai feature that blocks certain IP addresses including those from DigitalOcean. Nordstrom does the same thing. It's very annoying and not Algo's fault.

iamvishnurajan commented 6 years ago

I am fairly certain this is due to delta.com using akamai to block various web crawlers, so they blanket block digital ocean IP addresses. I have run into this with Delta, jetBlue, and Zillow so far. I haven't found a reasonable workaround as of yet on desktop other than disconnecting VPN to access. On Android, if you are accessing via the Delta app, you can add an exception in StrongSwan to not use VPN for specific apps (it's buried in the options near the bottom, under "Exclude selected applications from the VPN")

Orion120 commented 6 years ago

Great, thank you. I will give it a shot.

On Tue, Feb 13, 2018 at 1:18 PM Vishnu Rajan notifications@github.com wrote:

I am fairly certain this is due to delta.com using akamai to block various web crawlers, so they blanket block digital ocean IP addresses. I have run into this with Delta, jetBlue, and Zillow so far. I haven't found a reasonable workaround as of yet on desktop other than disconnecting VPN to access. On Android, if you are accessing via the Delta app, you can add an exception in StrongSwan to not use VPN for specific apps (it's buried in the options near the bottom, under "Exclude selected applications from the VPN")



jwebbstevens commented 6 years ago

I think the simplest solution is to not fly Delta.

Blanket blocking all Digital Ocean servers seems like a blunt tool. I guess it's the airline's digital equivalent of punching a paying ticketed passenger in the face and forcibly removing them from the flight.

🤷

davidemyers commented 6 years ago

I created a new Algo in NYC3 today and was surprised to find that none of the sites mentioned above are blocked from it, nor is Personal Capital which recently added a block. I had previously been using an Algo in NYC2.

I guess I got lucky and got assigned an address range Akamai doesn't know about (yet).

I also created an Algo by doing a local install on Amazon Lightsail in us-east-1 and had no blocks there either, but I think I'll stick with DigitalOcean for now since Lightsail doesn't have IPv6.

jwebbstevens commented 6 years ago

That's interesting @davidemyers. I run algo on a DO server I just started and Delta.com is blocked but Nordstrom is not, I'm on NYC3 as well. I can visit Macys and AA and a few other sites similar to them in the retail and airline sector, but Delta's the only one that blocks it so far that I've found.

I did some digging and it looks like Akamai passes the blame to the site owners.

According to "Why is Akamai blocking me?" and "Problem with my IP Address Being Blocked"

It seems pretty tedious to contact the IT dept with the id of the Akamai block and get them to unblock it every time a site is encountered.
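
For reporting a block to a site's IT team as described in the comment above, the reference ID can be pulled out of the denial page automatically. This is an added example, not part of the original thread or of Algo; `parse_denial` and `support_note` are hypothetical names, the egress IP is a constructed documentation address, and reading the third reference field as a Unix timestamp is an assumption based on the value quoted in this issue.

```python
import html
import re
from datetime import datetime, timezone

# Denial text exactly as quoted in the issue report on this page.
SAMPLE = ("Access Denied: You don't have permission to access "
          '"http://www.delta.com/" on this server. '
          "Reference #18.e0ad717.1518555249.5b6a9378")

# Tolerates markup between the pieces (DOTALL) once entities are decoded.
DENIED_RE = re.compile(
    r'Access Denied.*?permission to access\s+"(?P<url>[^"]+)".*?'
    r'Reference\s+#(?P<ref>[0-9a-f]+(?:\.[0-9a-f]+){3})',
    re.IGNORECASE | re.DOTALL)


def parse_denial(body):
    """Return details of an edge 'Access Denied' page, or None if absent."""
    m = DENIED_RE.search(html.unescape(body))
    if m is None:
        return None
    ref = m.group("ref")
    fields = ref.split(".")
    issued = None
    # Assumption: field 3 is epoch seconds; other fields are kept opaque.
    if fields[2].isdigit():
        issued = datetime.fromtimestamp(int(fields[2]), tz=timezone.utc)
    return {"url": m.group("url"), "reference": ref, "issued_utc": issued}


def support_note(body, egress_ip):
    """Build the text to send to the site operator for an unblock request."""
    info = parse_denial(body)
    if info is None:
        return None  # not a CDN denial page; look for another cause
    when = info["issued_utc"].isoformat() if info["issued_utc"] else "unknown"
    return (f"Blocked URL: {info['url']}\n"
            f"Reference: #{info['reference']}\n"
            f"Time (UTC): {when}\n"
            f"Source IP (VPN egress): {egress_ip}")


if __name__ == "__main__":
    # 203.0.113.10 is a constructed documentation address, not a real server.
    print(support_note(SAMPLE, "203.0.113.10"))
```

A `None` result means the response was not this kind of denial page, which points away from IP-range blocking of the VPN server and toward an ordinary connectivity problem.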

jwebbstevens commented 6 years ago

@myb120 for what it's worth I submitted a support request on delta.com (not logged into algo VPN) just to see if they could unblock my IP. I'm curious if they will respond and how long it will take. I'll update this thread to let everyone know about the process and experience.

iamvishnurajan commented 6 years ago

FWIW, I tried this with zillow.com sometime back. Their eventual response after some back and forth was "Sorry for the late response. Upon checking the screenshot you have sent me, I suggest that you try a different area and device or use Zillow website off the VPN. I apologize if could not be more of a help. Thank you for your understanding."

So, basically, no help at all.

jwebbstevens commented 6 years ago

@iamvishnurajan interesting, that's good to know. I wonder if the rep understood they were actually turning away a customer from using the product. It's more likely they didn't understand and the IT team (er' intern because they don't want to pay for real IT) wasn't even aware. I feel a Medium post writing itself about this titled "An open letter to the Brands who don't want me to buy their product"

davidemyers commented 6 years ago

I guess I got lucky and got assigned an address range Akamai doesn't know about (yet).

Well it was good while it lasted but Akamai has flagged my address and now I'm blocked again.

jwebbstevens commented 6 years ago

I destroyed mine and spun up another one on NYC3. That too was blocked. I sent two more cases into Delta.com with details about the # that Akamai provides. Delta has not responded again. I think that avenue is DOA.

dguido commented 6 years ago

Delta actively blocks connections from some VPS hosts, including DigitalOcean. If you need to access Delta over an AlgoVPN, then please try a different provider until it works. There is nothing we can do about this problem :-(.