My 10-year-old son is a cheerful and active computer user, and is already able to download and print homework assignments from the fourth grade pages on his school’s website. He’s also a pretty interested gamer, and occasionally winds up installing unwanted software, toolbars, downloaders, and other forms of crud on his machine. He’s learning the basics of safe computing, and so far we’ve managed to avoid bringing anything into the home network that requires aggressive clean-up, remediation, or an outright machine wipe. When he tried to check our local school district website last night to see if a threatened winter ice-up would lead to delayed opening or outright closing of the Round Rock schools, he came to tell me that “something was stopping him from accessing the website.”
How does a Web Application Firewall decide when to block domain names? That’s what I’m trying to find out right now…
At first, I thought he’d installed some kind of toolbar or browser add-on that was messing with domain name resolution. I checked “Programs and Features” in Control Panel first, but found nothing new or alarming there. Ditto for add-ons to IE 11 on his Windows 8.1 desktop. That’s when I started searching for “remove Incapsula” and “how-to remove Incapsula” on Google, and quickly realized that this was an effect of software outside my son’s machine and in fact also outside our local network. I was able to fix the problem, which resulted from Incapsula’s decision to block access to the roundrockisd.org domain (for reasons I am still trying to elicit from them), by entering the domain into the “Trusted Sites” list from the Security tab in Internet Options in IE. I didn’t have the same issues when using Chrome or Firefox, either.
The whole situation is a little bit mysterious and interesting because I can no longer provoke the error response from Incapsula on his machine (nor on any of my other PCs, either). All I can tell is that somebody in the chain of devices between our local home network and the Round Rock ISD network blocked domain access last night. I’ve launched inquiries with the vendor, and the school district, to see if they can shed any light on this. Though I may never be able to run the whole thing down, it’s absolutely fascinating to me that a configuration setting, or a domain name whitelist/blacklist entry, somewhere in the IP chain between “here” and “there” can wind up (temporarily) blocking access to a publicly funded and supposedly publicly accessible government website.