Comment by ghxst
1 year ago
Try clearing your cookies and disabling all extensions, if that still results in a block you can try a mobile hotspot. You're either failing some server side check (IP, TCP fingerprint, JA3 etc.) or a client side check of your browser integrity (generally this is tampered with by privacy focused extensions, anti-fingerprint settings etc.). It's not a "fix" but can at least give you an indication of why it is happening.
That's quite a lot to ask. Not OP, but I'm not doing all that just because sometime else misconfigured their anti-DDoS, unless I really need to.
My intention was to explain how to identify what could be causing the issue, not to give any indication that I think this is acceptable. Unfortunately like you point out, sometimes you _really_ do have to deal with a website behind an over sensitive WAF, in which case the steps I provided can be helpful.
My problem is that I help a lot of people set up their computers because they want to get rid of ads and tracking. They don't know how to fix this. Or more likely don't even realise there is a problem and will just close it down and continue with their day. So I guess it's not my problem but it is someones problem.
I believe their point was that they have no desire to fix the issue if they can just look elsewhere, making it detrimental to the vendor more so than the end-user.
That's totally understandable and I don't blame them. However since they did state they hoped it would be resolved I thought they (or anyone in a similar situation) might at least want to know how to diagnose any potential cause that you have some control over.
I think it's unfair this comment has been flagged or downvoted or whatever. It's pragmatic information!
The mobile hotspot thing... I have to do that to do anything involving Okta.
For some frustrating reason my IPv4 address, which I pay extra to my ISP to have, has been blocklisted by Okta. A login flow failure in one of the apps work uses triggered my address getting banned indefinitely is my best guess. My works Okta admins don't really understand how to unblock me on their Okta tenancy, and Okta support just directs me back to my local admins (even though it's any okta-using org I'm banned from logging into).
I get that misuse/abuse detection has to do its thing but it's so frustrating when there's basically zero way of a legitimate user from an IP of undoing a ban. My only recourse is to do all my using of okta from another IP.... If I was a legit spammer I wouldn't think twice about switching to another IP from my big pool, probably.
Thank you, I'm a bit surprised people took issue with my comment but I suppose I could have worded it better.
As for your case, I wonder if Okta is relying on an external service like IPQS to get a score, that could explain why they don't really have any control over it.
Thankyou! I checked with IPQS and my residential IP had been flagged for being "a proxy". I routinely SSH VPN (sshuttle) into my home network to do things so maybe that's why.