Legit Google IPs Being Blocked By FireHol Abusers d1

[themidastouch]

FireHol Abusers 1d is blocking legitimate google API IP addresses: 172.217.2.42 142.250.191.234

Can we please get these removed from this feed ASAP?

[ghnp5]

Could you please clarify what you mean with Google API, or which API would need access to your server?

These 2 IP addresses don't seem to be in this list: https://developers.google.com/static/search/apis/ipranges/googlebot.json But this is for Googlebot, not Google API.

[themidastouch]

These were actually calls to an FQDN/URL with 3 IPs that resolved from those calls being denied by firehol abusers 1D threat feed.

The URL being called is/was pubsub.googleapis.com

So, yes, this is a Google API service that was interrupted by FireHol Abusers 1d feed blocking 3 IPs for this URL.

Please stop denying/blocking legitimate business processes.

These feeds are normally highly effective and accurate, in this case it was not and cause business interruption(s).

Thanks, -Steve

---

From: ghnp5 @.> Sent: Thursday, June 23, 2022 9:45 PM To: firehol/firehol @.> Cc: Steve C Wilson @.>; Author @.> Subject: Re: [firehol/firehol] Legit Google IPs Being Blocked By FireHol Abusers d1 (Issue #480)

Could you please clarify what you mean with Google API, or which API would need access to your server?

These 2 IP addresses don't seem to be in this list: https://developers.google.com/static/search/apis/ipranges/googlebot.jsonhttps://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdevelopers.google.com%2Fstatic%2Fsearch%2Fapis%2Fipranges%2Fgooglebot.json&data=05%7C01%7C%7Ced10fd81d9f74cba29ed08da55832c78%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637916319124247970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=X06aPQzh6kzYqqgzBkTmOHAY1f3mamrxQumTvF5%2FhsM%3D&reserved=0 But this is for Googlebot, not Google API.

— Reply to this email directly, view it on GitHubhttps://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ffirehol%2Ffirehol%2Fissues%2F480%23issuecomment-1165086392&data=05%7C01%7C%7Ced10fd81d9f74cba29ed08da55832c78%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637916319124247970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7ONIpMRRebQIJ%2FCmWdMhNWR1s83Rw1rdrxL9vtxkUF4%3D&reserved=0, or unsubscribehttps://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FANINHE35I7JJW2HQTGIGR5DVQUHKLANCNFSM5ZC7JPXQ&data=05%7C01%7C%7Ced10fd81d9f74cba29ed08da55832c78%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637916319124404261%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lNiD0%2FTvEQvaRGtZE5XRZIrzxMgGmpqzwmKDOimFzzs%3D&reserved=0. You are receiving this because you authored the thread.Message ID: @.***>

[ghnp5]

Please stop denying/blocking legitimate business processes.

I'm not a maintainer of this repo, btw. I was asking because I'm also looking to implement these lists in my firewall and saw your report here so I was trying to understand if this could be a case that could be affecting me too.

Thank you for your reply. Hopefully the maintainers will look into it.

Do you know if Google provides their range of IP addresses used for *.googleapis.com ? I couldn't find a list.

If there's a way to identify those ranges, then we could simply whitelist them.

Cheers!

[themidastouch]

We have not been able to find Google APIs list published either

Sorry for my assumption that you were the maintainer of the feed. My bad and I apologize for assuming.

-Steve

Get TypeApp for Androidhttp://www.typeapp.com/r On Jun 24, 2022, at 3:40 PM, ghnp5 @.@.>> wrote:

Please stop denying/blocking legitimate business processes.

I'm not a maintainer of this repo, btw. I was asking because I'm also looking to implement these lists in my firewall and saw your report here so I was trying to understand if this could be a case that could be affecting me too.

Thank you for your reply. Hopefully the maintainers will look into it.

Do you know if Google provides their range of IP addresses used for *.googleapis.com ? I couldn't find a list.

If there's a way to identify those ranges, then we could simply whitelist them.

Cheers!

— Reply to this email directly, view it on GitHubhttps://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ffirehol%2Ffirehol%2Fissues%2F480%23issuecomment-1165922449&data=05%7C01%7C%7C80c3b4008a8d444be64108da5621ca79%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637917000367955080%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=XswpWMap4ZJ67%2FD4iRRtqhfmX%2B7gZv%2B4Fl9OW3DP1Tc%3D&reserved=0, or unsubscribehttps://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FANINHEZ24AZUZXPPC3BTVMTVQYMMHANCNFSM5ZC7JPXQ&data=05%7C01%7C%7C80c3b4008a8d444be64108da5621ca79%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637917000367955080%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6pSZ05MxbtHl73KQy%2B607YgipQYhGIQVi1oKfdyCEUI%3D&reserved=0. You are receiving this because you authored the thread.Message ID: @.***>

[Stephanowicz]

Hi, just a reminder - those firehol blacklists are a compilation of different blacklist providers - if You take a look at the header of firehol_abusers_1d.netset you'll see a list of the used lists:

# An ipset made from blocklists that track abusers in the 
# last 24 hours. (includes: botscout_1d cleantalk_new_1d 
# cleantalk_updated_1d php_commenters_1d php_dictionary_1d 
# php_harvesters_1d php_spammers_1d stopforumspam_1d)

so You may search those lists for the faulty address and then complain about this address to the responsible provider or You disable this firehol compilation list and only enable the working lists individually....