What is the name of the domain?
none
What is the issue you’re encountering
Cloudflare intercepts me from accessing sites it allegedly protects, presumably because of the nature of my IP addresses. Two months ago I got locked out from accessing Cloudflare itself because it wrongly formed conclusions based on my addresses — as it does — and decided to make me confirm it over email—which it handles the records for. With the server being down, contacting support over a form I got silence, and no way to change it, I got locked out for a month until I somehow managed to use an API key and poor RESTful API skills to re-route, at which point it decided not to CAPTCHA me anymore.
What steps have you taken to resolve the issue?
As a client none. As a server these addresses are actual entries on zone records Cloudflare is authoritative for, complete with proper rDNS. I assumed a long time ago, correctly so, that it would do more harm than good so I took of my domains off of Cloudflare’s proxy service so I wouldn’t be blocking legitimate users like I’m being blocked myself, but I still need to find a way how to verify my static addresses, something I shouldn’t have to do, so that downloads started from a script or in other complex scenarios, or framed pages such as EULAs, or things like that won’t fail.
What are the steps to reproduce the issue?
It would seem that Cloudflare is listening to these coercive IP reputation lists that target ASNs. “Level 3” as they call themselves. As tenants on a service we have, and should have no say on what other tenants sharing that ASN do, the same goes — within reason, e.g. unless customers harm other customers/network, that sort of thing — for the service provider. I noticed it started happening a few years back when after a change of addresses I got an ASN report on it. While I’m able to clear up the reports on each address (and /48 block from Hurricane Electric, another shared ASN) individually, I can’t do anything about the ASN. This one list just happened to know of a service that for a yearly fee per address, it might or it might not prevent it from appearing on that list, not its competitors though; hence coercive. Sometimes it happens on mobile too, which is yet another shared ASN.