Date: Thu, 10 Dec 2020 14:38:04 +0530
Message-ID: <CAEtQBY5ZT_Y-rjCrQuAn4201A+wZsvjmQ9VsM3sp8C_mrHzCmw@mail.gmail.com>
To: site-comments@w3.org, sysreq@w3.org
Cc: JacobV@datacom.co.nz, jacob.vaughan@mpi.govt.nz
Hello Team, Hope you are doing well. I am writing this email in hopes of reaching someone in your security/networking department. One of our customers *Ministry for Primary Industries New Zealand * raised concern that they were not able to reach the following URLs via our company's service. *https://www.w3.org/ <https://www.w3.org/>* [image: image.png] Taking tcpdump we see Zscaler Auckland node is sending TCP SYN however site is not responding. We see no SYN+ACK from destination. It seems you have not whitelisted the range from our Auckland Node. 22:48:41.949990 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4 (0x0800), length 74: *124.248.141.76.33661 > 128.30.52.100.80: Flags [S],* seq 2737271665, win 65535, options [mss 1460,nop,wscale 5,sackOK,TS val 188199143 ecr 0], length 0 22:48:44.592392 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4 (0x0800), length 74: *124.248.141.76.33661 > 128.30.52.100.80: Flags [S],* seq 2737271665, win 65535, options [mss 1460,nop,wscale 5,sackOK,TS val 188199443 ecr 0], length 0 22:48:47.420014 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4 (0x0800), length 74:* 124.248.141.76.33661 > 128.30.52.100.80: Flags [S],* seq 2737271665, win 65535, options [mss 1460,nop,wscale 5,sackOK,TS val 188199763 ecr 0], length 0 22:48:50.256015 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4 (0x0800), length 62:* 124.248.141.76.56447 > 128.30.52.100.80: Flags [S*], seq 1205153653, win 65535, options [mss 1460,sackOK,eol], length 0 22:48:52.915216 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4 (0x0800), length 62:* 124.248.141.76.56447 > 128.30.52.100.80: Flags [S]*, seq 1205153653, win 65535, options [mss 1460,sackOK,eol], length 0 ^C As a company zscaler provide a hosted web filtering/security solution. As part of the debugging process, we noticed that the outbound IP address of our nodes is being blocked from your CDN. Would it be possible to open a dialogue to have this ban or throttle policy lifted? If there is something we need to address I would be more than happy to look at it. Note: It is possible that you are seeing a large volume of traffic from our IP address. This is not uncommon as we may have up to 50k+ users behind a single node. Zscaler Case ID: 02654708 Location: *Auckland* Range: *Auckland* *124.248.141.0/24 <http://124.248.141.0/24>* Regards, Suman Rawat Zscaler Product Support EngineerReceived on Thursday, 10 December 2020 14:03:01 UTC
