Corporate firewalls using zscaler and sophos blocking Netlify hosted web app


I have had a Netlify hosted site (a simple angular spa app) with a custom domain and DNS managed by Netlify being blocked by two separate enterprise firewalls of different companies.

One company runs zscaler and the other using sophos. I can’t get any detail out of their security team, but they eventually safe list the domain in their systems to get over the issue.

I maybe barking up the wrong tree, but I ran searches of the IP addresses returned for the site and it does change frequently. I notice that if the IP address is pointing to AWS it is generally healthy, but some digital ocean IPs return an error eg: SRBL blacklist database - Malware Expert. In this instance suggesting the server is missing some configuration.

I understand due to the nature of the service that people can create malicious sites, which are actively taken down, but this can have an effect on the IP address being denylisted. Again, I maybe in the wrong area here.


Is the experience I had common?

Is there any best practise that I can employ to help prevent being blocked, such as having the DNS and apex domain managed by my domain name registrar?

Would there ever be the possibility of having static IPs for an app or domain, or is that unrealistic for such a service?



That is correct, it will keep on changing.

Another correct observation.

Totally. I think a lot of our CDN endpoints have been on some block lists because of various spammers. Several other people have thus had issues too, sadly there’s no solution to it.

I’m not aware of any such thing. Sadly, each blocklist works differently. Some block based on IP Address, some block based on domain names. So it’s hard to find a method which would work for all.

I can’t promise, but I can say that it would be at least considered given the fact that a lot of people have requested it for various other reasons than this.

1 Like

@hrishikesh Ok thanks - that helps me understand what I am dealing with.

Finally, just to say - static IPs would be a great option. If I can support that with an up vote somewhere for requested features let me know.