Hello,
Our firewall is picking up traffic from AWS with the User-Agent “Discourse Hub” (can post IP if helpful) to the following paths.
/about.json
/site/basic-info.json
/site/statistics.json
Is this part of discourse itself?
I would assume that traffic is from the app:
DiscourseHub working on AWS?
Yeah that doesn’t make sense to me, but this was my only idea.
Is there a know list of DiscourseHub public IPs that we should whitelist ? Or is it ok to leave them as blocked, I guess it could be causing functionality issues for any mobile users.
Every ISP that has human users using DiscourseHub?
The traffic isn’t coming from the users, it’s from AWS EC2 so appears be a service used by Discourse Hub.
No, it appears to be false user agent because it comes from AWS.
1 Like
Seems very specific, not seeing this traffic anywhere else or anything malcious. Only to our discourse forumand requesting those three forum paths/files.
Is there a way to verify this ?
It definitely can’t hurt.
It’s possible albeit unlikely that someone is routing their traffic via wireguard or other VPN via a VPS at AWS.
Seems very like a web service to me, a request is made every 15 minutes. There’s no other traffic indicating browsing the forum from those IPs. A personal VPN would have one and general HTTP requests. It’s only making requests to the three .json endpoints.
Here are the IPs and the reverse DNS hostname.
- 52.37.203.249 -
ec2-52-37-203-249.us-west-2.compute.amazonaws.com. - 54.185.78.20 - ec2-54-185-78-20.us-west-2.compute.amazonaws.com
- 52.39.141.85 - ec2-52-39-141-85.us-west-2.compute.amazonaws.com
I believe this is one of our (CDCK’s) services, though I didn’t expect it to use the Discourse Hub UA.
I’ll check it on Monday 
We do not proxy or monitor Discourse Hub (the user app) traffic, FYI.
3 Likes
I know. That’s why I was a bit confused.
Still seeing these within our cloudflare block list. As they’re genuine, could we get a confirmed list of IPs/paths for our firewall rules to allow ?