Community Forum

Domains blocked by xFi Advanced Security

Highlighted
Regular Visitor

Domains blocked by xFi Advanced Security

Hi,

Some of our domains are currently being blocked by xFi Advanced Security. These are 18 domains which include click-tracking, order form and unsubscribe domains but also public websites with subscriber logins, and even one development domain which is especially puzzling because it was never used publicly.

 

While these domains are being blocked, xFinity customers won't be able to access their paid content or unsubscribe from our mailings. Regular HTTP traffic on port 80 displays an interstitial safebrowse.io warning page that at least gives visitors the opportunity to proceed anyway, but secure HTTPS traffic is just being blocked with a misleading SSL protocol error.

 

In the beginning we assumed the problem was in our SSL configuration, but it turned out it's a side-effect from being blocked by xFi Advanced Security. When I switch to another provider like Google Fi or Verizon DSL, or when I turn xFi Advanced Security off, I can access all of our domains without any problems.

 

Our IT department reached out to their Comcast Business Rep but they haven't had much success yet, instead they recommended to contact support on the Comcast Residential side. I did contact customer support, but they said they didn't have "adequate tools" to address this issue.

 

I understand that anyone could claim that a domain is safe, secure and not being used for spam, but is there a way to get this case reviewed? Is there a contact or form to request a review and get them whitelisted? Or does the request have to come from a supervisor or our deliverability, IT, or legal departments? 

 

Thank you in advance,

Best regards,

Gerrit

Highlighted
Silver Problem Solver

Re: Domains blocked by xFi Advanced Security


@celeph wrote:

Hi,

Some of our domains are currently being blocked by xFi Advanced Security. These are 18 domains which include click-tracking, order form and unsubscribe domains but also public websites with subscriber logins, and even one development domain which is especially puzzling because it was never used publicly.

 

While these domains are being blocked, xFinity customers won't be able to access their paid content or unsubscribe from our mailings. Regular HTTP traffic on port 80 displays an interstitial safebrowse.io warning page that at least gives visitors the opportunity to proceed anyway, but secure HTTPS traffic is just being blocked with a misleading SSL protocol error.

 

In the beginning we assumed the problem was in our SSL configuration, but it turned out it's a side-effect from being blocked by xFi Advanced Security. When I switch to another provider like Google Fi or Verizon DSL, or when I turn xFi Advanced Security off, I can access all of our domains without any problems.

 

Our IT department reached out to their Comcast Business Rep but they haven't had much success yet, instead they recommended to contact support on the Comcast Residential side. I did contact customer support, but they said they didn't have "adequate tools" to address this issue.

 

I understand that anyone could claim that a domain is safe, secure and not being used for spam, but is there a way to get this case reviewed? Is there a contact or form to request a review and get them whitelisted? Or does the request have to come from a supervisor or our deliverability, IT, or legal departments? 

 

Thank you in advance,

Best regards,

Gerrit


Many posters here are disabling Advanced Security.

https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security


I am not a Comcast Employee.
I am just a customer, volunteering my time to help other customers here in the Forums.
Was your question answered? Mark the post as best answer!
Highlighted
New Poster

Re: Domains blocked by xFi Advanced Security

I am part of the IT BizOps team at Twitch Interactive. Some externally accessible sites our internal users access to get their work done are being blocked by Xfinity safebrowse. I would really like the thousands of Twitch employees to be able to take advantage of the security features of xFi Advanced Security and still WFH during these shelter-in-place orders without being on VPN. I see two possible ways that Comcast can help customers here.

 

1. Give Xfinity customers the ability to white-list URL's/IP's in their xFi advanced security management console

2. Give some transparancy about what reputation services you use and an appeals process where site owners can vouch for the validity of our sites.

Highlighted
Regular Contributor

Re: Domains blocked by xFi Advanced Security

The "intelligence" in xFi Advanced Security comes from Plume... contact them if you want help getting things unblocked. Comcast essentially gets their security info from Plume's system. Possibly others, but the tech comes from them. 

 

Also, I'm tagging @ComcastHana because they are able to communicate things back/forth to the team who manages the advanced security platform. 

Highlighted
Regular Contributor

Re: Domains blocked by xFi Advanced Security

   
Regular Contributor 
‎05-28-2020 01:09 PM
Re: Domains blocked by xFi Advanced Security

The "intelligence" in xFi Advanced Security comes from Plume... contact them if you want help getting things unblocked. Comcast essentially gets their security info from Plume's system. Possibly others, but the tech comes from them. 

 

FWIW - I have the same darn problem.  I contacted Plume and they acknowledged their partnership with Comcast BUT said they can't do anything - I have to go through Comcast to get access to my websites!

UPDATE (6/6/2020):  OMG - As of 5PM (or so) -  I am no longer blocked!  Yes, I am now living the dream!  FWIW - all my websites were blocked from May 29th, through June 6th, 2020.

Highlighted
Regular Contributor

Re: Domains blocked by xFi Advanced Security

UPDATE (6/7/2020):  Yuppa - BLOCKED AGAIN!

Highlighted
Regular Contributor

Re: Domains blocked by xFi Advanced Security

UPDATE:  Comcast/Xfinity contacted me - so far so good - they are addressing my problem.  Thanks Comcast!

Highlighted
New Poster

Re: Domains blocked by xFi Advanced Security

Hi @NFrankel236 ! 

 

I am having the same issue. I am on the phone with Comcast Xfinity now and my represenatitve but she doesn't know who or how to solve this issue. Do you have any advice as to what the issue was and how they fixed it on your end? 

 

Thank you!! We are so frustrated! :(. 

- Nicole 

Highlighted
New Poster

Re: Domains blocked by xFi Advanced Security

I am having the same problem of a few web sites that I am trying to access remotely related to my Survaillance Station cameras (IP address URL) being permanently blocked by Xfinity.  Using the Xfinity provided gateway. I disabled the security months ago and that did not solve the problem.  I have perfect access to the web sites on my mobile phone using cellular.  Does anyone know the department in Xfinity to contact to try to clear this up?  Frustrating beyond words.

 

Thanks,

PG_Glenn