<div dir="ltr">Two cautions regarding proxies:<div> - as mentioned before, make sure you don't have an open proxy, which might be abused</div><div> - if you're proxying only some traffic (eg, for content filtering, etc), then be sure all Google traffic gets proxied out the same IP. We sometimes see weirdness when some requests go through the proxy, but other requests go directly from the (home) IP. This can cause problems, for example the captcha exemption may fail due to the IP mis-match.</div><div><br></div><div>Damian</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Jun 28, 2020 at 9:55 PM Chapman, Brad (NBCUniversal) <<a href="mailto:Brad.Chapman@nbcuni.com">Brad.Chapman@nbcuni.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="auto">
Interesting; thanks.
<div><br>
</div>
<div>Would you expect to see this behavior in an environment where a proxy server is used to funnel traffic to the Internet and clients have to use a PAC file or WPAD?<br>
<br>
<div dir="ltr">—Sent from my iPhone</div>
<div dir="ltr"><br>
<blockquote type="cite">On Jun 28, 2020, at 9:34 PM, Damian Menscher <<a href="mailto:damian@google.com" target="_blank">damian@google.com</a>> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div>Blocking occurs when automated searching is detected, not simply due to the total volume of requests from a single IP. As such, there is no option for an exception.</div>
<div><br>
</div>
<div>To "solve" this, we recommend you minimize the number of users sharing an IP. The easiest method is with IPv6, since then each user can have their own /64 (our abuse systems don't look deeper than that). If you're stuck with IPv4, separate your corporate-managed
machines from the guest wifi (which is harder to control), and try to give different groups of users their own NAT IP (by building or floor, etc). That way when there's a problem you'll have fewer users impacted, and a smaller list of suspects.</div>
<div><br>
</div>
<div>If you want to start digging into the reasons why your IP might have been blocked, the most common reasons for getting blocked (mostly for websearch) include (in no particular order):</div>
<div> - malware that proxies abuse for criminals</div>
<div> - browser extensions that automate searching</div>
<div> - misconfigured browsers that have anomalous behavior</div>
<div> - corporate proxies that are open for abuse</div>
<div> - users installing "P2P VPN" software, which is also abused</div>
<div><br>
</div>
<div>Damian</div>
<div>-- </div>
<div>Damian Menscher :: Security Reliability Engineer :: Google :: AS15169</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun, Jun 28, 2020 at 4:57 PM Chapman, Brad (NBCUniversal) <<a href="mailto:Brad.Chapman@nbcuni.com" target="_blank">Brad.Chapman@nbcuni.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Greetings Outages-Discussion,<br>
<br>
I hope you are all having a pleasant Sunday afternoon / evening with no P1 / SevA / 4-alarm fires caused by a violation of Read-only Friday.
<br>
<br>
Given the number of sysadmins and telecom / network engineers on this list, I am guessing that we have seen (or been asked to explain) the Google “Sorry” page.<br>
<br>
Occasionally, our company gets a burst of calls about this issue, until the lockout expires on Google’s side. We manage >50,000 computers so even short lockouts can generate dozens of calls.
<br>
<br>
Has anyone ever approached Google’s NOC team to request an exemption from the Sorry page for their busiest external IP addresses? Or, if not a blanket exemption, to request an increase in the threshold before it is tripped?<br>
<br>
Hope you’re all staying safe.<br>
<br>
Cheers,<br>
Brad Chapman<br>
NBCUniversal<br>
<br>
—Sent from my iPhone<br>
_______________________________________________<br>
Outages-discussion mailing list<br>
<a href="mailto:Outages-discussion@outages.org" target="_blank">Outages-discussion@outages.org</a><br>
<a href="https://urldefense.com/v3/__https://puck.nether.net/mailman/listinfo/outages-discussion__;!!PIZeeW5wscynRQ!-T5SokgIYLbWPeqRO4boP4fHxQbHaOHVW5G6FNDQ4sI2cVgFNtCDeAvOwaP5eN4PNg$" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/outages-discussion</a><br>
</blockquote>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote></div>