Problems using option for "Block clients with bad reputation" in WAF configuration

I enabled the option to block bad reputation clients when I configured my WAF sites.

Then I was startled to discover that I had blocked my ability to connect from home because my IP address had a bad reputation on SORBS and Barracuda RBLs. Of course, I panicked that my home network was infected. After deciding that my network was really still clean, I contacted SORBS by email. Their reply said it was not just me, that I was part of a blocked network range, so I could not be de-listed. Next, I called my ISP. They forwarded the issue to a mysterious group that never responded despite multiple attempts. The silence did not endear me to my ISP.

Eventually, I determined that the bad reputation was because my home is on a dynamic IP address, just like most other home users. Since that type of address should not be used for email servers, the address range is blocked by some RBLs as a spam-prevention measure, not because of a known problem.

Sophos Support confirms that the email protection and the WAF bad client protection use the same RBLs. So if I choose different RBLs to permit WAF client filtering, I weaken my defenses for email filtering, and vice versa. However, change is not really an option because I would not know how to identify RBLs that never perform dynamic IP blocking.

So unless your WAF sites are only used by businesses with static IPs, you probably should not use this feature.

Disappointed.