Network reputation blocking
Overview
Dimagi’s CommCare production environments rely on layered security protections, including systems that block traffic from networks assessed to have a poor ‘reputation’ based on suspicious or dangerous activity.
On occasion these protections affect organizations attempting to use CommCare’s services from networks which have been flagged. This writeup provides information on how teams can identify and address these issues.
How to identify network reputation problems
If your network is being affected by reputation filtering, it is most likely that all requests from devices (computers, phones) that access the internet through your network will be blocked by CommCare (and by other websites with strict security controls). In a web browser, requests to the website will likely return a 403 Forbidden error response.
The easiest way to confirm that your network is being blocked due to reputation is to attempt to access the site from the same device on a different network. There are also IP Reputation Check tools online which can provide information about your network.
Why is my network being blocked?
Networks are generally blocked based on their network IP address, which is assigned by your Internet Service Provider (ISP). If your traffic is being blocked, it might be for one of the following reasons.
A device on your network has been compromised and is producing malicious traffic, for example as part of a bot network (botnet)
Your ISP has randomly assigned an IP address to your network which was previously assigned to a network that was producing malicious traffic
You are accessing CommCare through a cloud service layer, VPN, or overlay network (like Tor) which has previously been associated with malicious traffic
What can I do?
1. Change Your Outgoing IP Address
Most often you can address reputation-based blocking by getting a new IP address from your ISP. Often this can be as simple as cycling your network. For most teams, access issues don’t recur after getting reassigned to a new IP address.
Restart your internet router to obtain a new IP (for most home and office networks).
Switch to a different network (e.g., mobile data, VPN, or another Wi-Fi connection).
You can confirm this has worked by checking with an online tool to see whether your IP address has changed. If restarting your equipment doesn’t cycle your IP address, you may need to contact your ISP for support on how to get a new IP.
2. Request a Static IP
If you are accessing CommCare through cloud services (AWS, Google Cloud, etc.) or another managed network, you can consider configuring a static IP endpoint with your provider to ensure consistent access and avoid having IP addresses assigned dynamically.
3. Inform Your IT Team
You may also consider notifying your IT department if your IP address has been blocked due to reputation flagging, especially if your network becomes blocked again after cycling your IP address.