A colleague found that he cannot create a Facebook post linking to our company blog post (internal server behind UTM9 WebServer Protection). It seems... that the Facebook IP has been blacklisted by DNSRBL (black.rbl.ctipd.astaro.local)...
I've no idea who I should report this to, if at all, so I'm writing here asking for directions for the future.
For reference, here's the log:
2018:07:31-10:17:58 firewall httpd[5579]: [authz_blacklist:warn] [pid 5579:tid 4113341296] [client 31.13.124.204:18428] Client is listed on DNSRBL black.rbl.ctipd.astaro.local
2018:07:31-10:17:58 firewall httpd: id="0299" srcip="31.13.124.204" localip="<REDACTED>" size="246" user="-" host="31.13.124.204" method="GET" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="-" time="49875" url="/about-us/news/Pages/DevMonday--5.aspx" server="<REDACTED>" port="443" query="" referer="-" cookie="-" set-cookie="-" uid="W2AbNqwQBQEAABXLlagAAAA0"
2018:07:31-10:19:44 firewall httpd[5579]: [security2:error] [pid 5579:tid 3800939376] [client 66.249.73.91] ModSecurity: Rule 89648d0 [id "981004"][file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"][line "84"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "<REDACTED>"] [uri "/solutions/sharepoint"] [unique_id "W2Abn6wQBQEAABXLlakAAABZ"]
2018:07:31-10:19:44 firewall httpd[5579]: [security2:error] [pid 5579:tid 3800939376] [client 66.249.73.91] ModSecurity: Rule 87dd458 [id "970003"][file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"][line "123"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "<REDACTED>"] [uri "/solutions/sharepoint"] [unique_id "W2Abn6wQBQEAABXLlakAAABZ"]
EDIT:
What's strange is that I also went to https://dnsrbl.org/delist.html to manually check the IP (assuming this IS the official DNSRBL site), and that IP was never listed... yet, it's clear UTM thinks it is... What's going on?
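An added example, not part of the original post and not Sophos code: it pulls the `reason="dnsrbl"` rejections out of reverse-proxy log lines like the ones above and builds the name a DNSBL lookup would use for the exact zone in the log. The function names are hypothetical, the sample lines are shortened copies of the post's log, and the reversed-octet query name (RFC 5782) is assumed to apply to this zone.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: two log lines from the post, shortened to the fields used here.
SAMPLE_LOG = """\
2018:07:31-10:17:58 firewall httpd: id="0299" srcip="31.13.124.204" localip="<REDACTED>" method="GET" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" url="/about-us/news/Pages/DevMonday--5.aspx" port="443"
2018:07:31-10:19:44 firewall httpd[5579]: [security2:error] [client 66.249.73.91] ModSecurity: Rule 89648d0 [id "981004"] - Execution error - PCRE limits exceeded (-8): (null). [uri "/solutions/sharepoint"]
"""

KV = re.compile(r'([\w-]+)="([^"]*)"')        # key="value" pairs of the access-log line
ZONE = re.compile(r"listed on DNSRBL (\S+)")  # zone name inside the extra= field


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed IPv4 octets + zone (RFC 5782 convention)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises ValueError on bad input
    return ".".join(reversed(octets)) + "." + zone


def dnsrbl_blocks(log_text):
    """Return {srcip: [hit, ...]} for every request rejected with reason="dnsrbl"."""
    blocks = defaultdict(list)
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        if fields.get("reason") != "dnsrbl" or "srcip" not in fields:
            continue  # error-log lines and other rejections are skipped
        zone = ZONE.search(fields.get("extra", ""))
        zone_name = zone.group(1) if zone else None
        blocks[fields["srcip"]].append({
            "time": line.split(" ", 1)[0],
            "status": fields.get("statuscode"),
            "url": fields.get("url"),
            "zone": zone_name,
            # Assumption: the zone is queried with the standard reversed-octet name.
            "query_name": dnsbl_query_name(fields["srcip"], zone_name) if zone_name else None,
        })
    return dict(blocks)


if __name__ == "__main__":
    for ip, hits in dnsrbl_blocks(SAMPLE_LOG).items():
        for hit in hits:
            print(ip, hit["time"], hit["status"], hit["url"], hit["query_name"])
```

Each DNSBL zone is its own list, so the name to check is the one built from the zone in the `extra` field; a result from a different list's web form does not show what this zone returns.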