[VoiceOps] PSA - Hosting SHAKEN cert behind Cloudflare

Karl Douthit karl at piratel.com
Sat Jul 15 21:59:10 EDT 2023


For Cloudflare we had to set a Page Rule on the cert page / site : Browser
Integrity Check: Off

On Sat, Jul 15, 2023 at 6:54 PM Jared Geiger via VoiceOps <
voiceops at voiceops.org> wrote:

> We were notified that some validators were unable to pull our cert which
> is hosted behind Cloudflare.
>
> I believe the fix is to create a WAF rule to match when the  User Agent
> contains "Java/1.8.0" and then choose the Skip action.
>
> Please share if anyone has any better tips for WAF rules for this scenario.
>
> I was seeing Bandwidth, TransUnion, and Level3 getting blocked.
>
> TransUnion gave me the heads up and mentioned they saw it with other
> carriers lately also.
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20230715/0019a30c/attachment-0001.htm>


More information about the VoiceOps mailing list