Happening to me too. Assumed this was a “work thing”…

Just happened to me too. Getting blocked from my laptop but not my phone which is connected to the same corporate wifi network?

I too can get in on my phone, which is on the corporate WiFi. However, the phone will be bypassing the corporate proxy servers. 

Thanks for the Ray ID @jamesrt - this is the only way I can trace this kind of thing.

Could you please try again folks?

All good here. Thanks @freitasm

Am also now OK from work laptop - there was a capture challenge thing, but that seemed to be automatically processed.

Yes. The network your work is using is also used by some bots I do not consider worthy of accessing Geekzone.

So the challenge is the best compromise. It should block these Bad Bots and be just a small thing for legitimate users.

This hit me too. The network you're referring to is 'ZScaler' in my case which is a large web access service used by corporates.... and very much not 'botty'. 
If you have concerns about traffic you're seeing from ZScaler IP addresses, let me know and I can put you in touch with someone in their NZ office.

BlakJak: This hit me too. The network you're referring to is 'ZScaler' in my case ... 

Same here. Was working fine yesterday, but not 1st thing this morning. Now all good again.

BlakJak:

 

This hit me too. The network you're referring to is 'ZScaler' in my case which is a large web access service used by corporates.... and very much not 'botty'.

 

If you have concerns about traffic you're seeing from ZScaler IP addresses, let me know and I can put you in touch with someone in their NZ office.

 

As explained in the PM, it seems the ZScaler ASN is being used by companies that deploy automated website scraping. This may include AI bots, because this is the blocking rule that affected you folks.

Just because ZScaler is used by "corporates" doesn't mean it can't be used by automated processes by some of their clients. Same with other cloud providers. 

I have tweaked the rule to allow humans to pass. 

To clarify, the blocking rule includes AI crawlers, SEO bots, monitors and security scanners:

Those are bots that have no place accessing Geekzone. We don't use these tools so no reason to have thousands of requests hitting our server every day. 

(We do use security scanners but those are allowed access on a higher rule. We don't need rogue security scans by unauthorised parties).

This reminds me of the iCloud Private Relay documentation, which basically says "because everyone using this is an Apple customer, you don't need to block our address ranges". As if Apple's customers are somehow better than non-Apple customers. Spoiler: they're not.

Behodar:

 

This reminds me of the iCloud Private Relay documentation, which basically says "because everyone using this is an Apple customer, you don't need to block our address ranges". As if Apple's customers are somehow better than non-Apple customers. Spoiler: they're not.

 

Microsoft Azure, AWS and GCP are used by corporates. And look at the amount of crap coming out of their networks...

This is the last 24 hours of blocking and challenging. Very quiet - there are days we block millions of requests.

These are the top blocked ASN in the same period:

The top ASN in this list is 136557. For some reason or another one of their clients scan Geekzone constantly, requesting the same URL over and over, 24/7 for years. No reason at all. They even keep requesting 404 pages. And yes, .css and .ico are cached at edge, so lucky these don't hit the server:

In my view, "corporate" networks are the ones that get more scrutiny than residential IPs. Yes, I know residential IPs can be hijacked, but the scale here...

.. except the ZScaler NZ exit node is in Auckland, 147.161.216.0 appears on the Auckland IX from AS53813 which appears to be ZScaler's own ASN. 

I don't know if the ZScaler terms of use allow for bot-scraping, and i'm sure it's possible that service providers / datacentres with whom ZScaler has hosting and transit arrangements may also be hosting other customers with less scruples, but the ZScaler Internet Access (ZIA) service that's their product leader is something that runs resident on a corporate client desktop, not a bot or scraper.

Appreciate you opening the doors for us though!