We’re experiencing an intermittent access issue with our web app when users are connected through certain VPN providers. Some VPNs work fine (e.g., Avast VPN), while other VPNs block or fail to load the app. Without VPN, everything works normally.

​

Our setup:

​

Main domain is hosted on Webflow

​

Subdomain is served via AWS CloudFront

​

DNS is managed on GoDaddy

​

No geo-blocking configured on our side

​

No WAF rules blocking VPN traffic (as far as we can see)

​

What we’ve already confirmed:

​

DNS resolution is correct (dig/nslookup tested)

​

App loads correctly on multiple networks and multiple VPNs

​

Webflow configs look clean

​

Some users do get blocked when using specific VPN servers

​

Our domain was previously flagged by a network reputation service and later whitelisted — we need to understand the root cause to prevent recurrence

​

What we need from you:

​

Diagnose why certain VPN IP ranges still cause access failures

​

Determine if the issue is related to:

​

CloudFront origin settings

​

AWS WAF / bot filters

​

Webflow’s default protection

​

DNS propagation or TTL misconfiguration

​

IP reputation databases (Spamhaus / CrowdSec / CleanTalk / etc.)

​

Provide clear steps to resolve or mitigate the issue

​

(Optional) Help adjust DNS / CloudFront / WAF configs if needed

​

Ideal experience:

​

AWS CloudFront + Route 53 / GoDaddy DNS experience

​

Understanding of IP reputation + VPN exit-node behavior

​

Experience troubleshooting CDN + reverse proxy access issues

​

Bonus: Familiarity with Webflow hosting edge network quirks

​

Please include in your proposal:

​

A brief explanation of how you typically approach VPN/blocking diagnosis

​

Confirm you can analyze both CloudFront and external reputation lists

​

Your estimated timeframe to investigate

• Some VPNs work fine (e.g., Avast VPN), while other VPNs block or fail to load the app
• App loads correctly on multiple networks and multiple VPNs
• Some users do get blocked when using specific VPN servers
• DNS propagation or TTL misconfiguration
• IP reputation databases (Spamhaus / CrowdSec / CleanTalk / etc.)
• AWS CloudFront + Route 53 / GoDaddy DNS experience
• Understanding of IP reputation + VPN exit-node behavior
• Experience troubleshooting CDN + reverse proxy access issues
• Bonus: Familiarity with Webflow hosting edge network quirks
• Confirm you can analyze both CloudFront and external reputation lists

• Webflow’s default protection

• Diagnose why certain VPN IP ranges still cause access failures
• CloudFront origin settings
• Provide clear steps to resolve or mitigate the issue
• (Optional) Help adjust DNS / CloudFront / WAF configs if needed