Managed Firewall block PayPal ASN 17012 - is this legit?

In my firewall rules I’m seeing blocks due to a managed rule (browser integrity) coming from ASN 17012 PAYPAL. I’m no expert here but for me this looks like a legit PayPal source and the requests also target legit hooks on my clients end.

Can someone with more expertise verify that these are legit requests?
And if so what can I do to permit these requests? I already tried with a manual rule that allows ASN 17012 but it seems like that it doesn’t have priority in moste cases over the managed rule. So there are some allows now but most of the time blocks. Since the client sometimes does have PayPal issues I could imagine they are connected to these block - though I’m not sure yet.

Here is an example event of such a block:

  "action": "drop",
  "clientASNDescription": "PAYPAL",
  "clientAsn": "17012",
  "clientCountryName": "US",
  "clientIP": "",
  "clientRequestHTTPHost": "REMOVED",
  "clientRequestHTTPMethodName": "POST",
  "clientRequestHTTPProtocol": "HTTP/1.1",
  "clientRequestPath": "REMOVED",
  "clientRequestQuery": "",
  "datetime": "2020-10-13T12:59:26Z",
  "rayName": "5e193ce0ffc81fa7",
  "ruleId": "bic",
  "source": "bic",
  "userAgent": "Java/1.8.0_212",
  "matchIndex": 0,
  "metadata": [],
  "sampleInterval": 1

This topic was automatically closed after 30 days. New replies are no longer allowed.