Are you getting 403's when downloading? Please read here first

Meta Elastic
296

Hi @carly.richmond , thanks for your response :slight_smile:

This sadly doesn't quite help us... I understand that it's not Google which is specifically the entity blocking this IP on your end. But, it is without a doubt a blocking on your end - there's an entire TLS handshake to verify it's talking to your server before it responds with the 403 error :slight_smile:

It might be an Nginx or other Proxy/Later/System performing the blocking, which runs behind your GCP LBs. As there are other posts from people in GCP, it apparently doesn't only affect us.

As I wrote in my first post, maybe this is some sort of rate limit/fail2ban-thing that we're facing - but this only started recently despite nothing changing on our end. Also, I was not able to find any documentation about what your official rate limits are for your apt repos, which would also help us to fine-tune our request behaviour.

297

I understand your frustration @MrTrustworthy. What's I've been told from our team is that our WAF and DDoS protection is offered by Google as a managed service and it looks like the block is originating there.

Have you contacted Google at all?

299

Hi @Ammar_Abu_Qoura,

Welcome to the community! I've raised a request to unblock the above IP.

It can take some time for the requests to be actioned, so please be patient. If you need access quickly I would try another IP if possible.

Hope that helps!

300

Hi @carly.richmond , thanks for your reply :slight_smile:

As you confirmed in your last message, the block is on your end on the GCP LB (where Cloud Armor is running the WAF/DDoS). The CloudArmor/WAF configuration is something that's happening on your tenant that's exclusively under your control.

There isn't really anything we can do about this. Google can't interfere in YOUR tenant on OUR request. If that were possible, it would be a massive security hole :smiley:

Your WAF configuration allows you to define specific rules, among them are exclusions from certain DDoS/Rate-Limiting rules for certain IPs. This is where you could whitelist our IP.

If this is not possible, or simply in addition to it, we are more than happy to adjust our request behaviour to meet your rate limits. As mentioned in my last 2 posts, for that we'd simply need to know what those limits are since we couldn't find any public documentation about it.

301

Hi @jakub.pinkas,

I've received word that your IP range has been unblocked. It can take a couple of days to propagate so just let us know if you're having issues.

I've also checked into the repository mirror and the response I've received is that it's not something that is currently supported, but I've fed it back to the team for consideration.

Hope that helps!

302

Hi, @carly.richmond

curl https://ipinfo.io/
{
  "ip": "176.222.53.222",
  "city": "Amsterdam",
  "region": "North Holland",
  "country": "NL",
  "loc": "52.3740,4.8897",
  "org": "AS57043 HOSTKEY B.V.",
  "postal": "1012",
  "timezone": "Europe/Amsterdam",
  "readme": "https://ipinfo.io/missingauth"
}


wget https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-8.11.1.zip

--2024-02-06 12:17:39--  https://artifacts.elastic.co/downloads/elasticsearch-plugins/analysis-phonetic/analysis-phonetic-8.11.1.zip
Resolving artifacts.elastic.co (artifacts.elastic.co)... 34.120.127.130, 2600:1901:0:1d7::
Connecting to artifacts.elastic.co (artifacts.elastic.co)|34.120.127.130|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2024-02-06 12:17:40 ERROR 403: Forbidden.
303

Hi @danbka33,

Welcome to the community! Thanks for raising. It looks like your IP is within the same ASN as @stashevvsky's request, which I've already raised an issue for. This is already under investigation so I'll confirm to both of you when the unblock has been actioned.

Hope that helps!

304

Hello! @carly.richmond
Is there any news on our request?
Thank you.

305

Hi @zhnv,

Thanks for reaching out. To confirm, it was the the below IP you were enquiring about:

I've received word back from the team that this ASN is already allowed and we can see traffic coming through. Can you try again?

If you're still having issues it might be worth checking that you are using the IPv4 address and don't have IPv6 enabled on your host, which we've seen has caused issues previously.

Hope that helps!

307

@carly.richmond
any update on our request for the IP: 194.180.189.111

308

Hello, could you unblock my AS:

opsinfra@kz-ev-01:~$ curl ipinfo.io
{
  "ip": "5.101.36.35",
  "hostname": "kz-ev-01.edgeam.am",
  "city": "Almaty",
  "region": "Almaty",
  "country": "KZ",
  "loc": "43.2500,76.9167",
  "org": "AS201589 \"EDGEAM\" LLC",
  "timezone": "Asia/Almaty",
  "readme": "https://ipinfo.io/missingauth"
}
opsinfra@kz-ev-01:~$ curl -I https://epr.elastic.co
HTTP/2 403
content-length: 134
content-type: text/html; charset=UTF-8
date: Tue, 06 Feb 2024 10:38:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
309

HI @carly.richmond ,

Thank you. I checked the graphs and the problem stopped in the last 24 hours.

I understand about the mirror, but thanks for the effort.

Have a nice day!

1 Like
310

@MrTrustworthy I am merely the middle person here. What the team have told me that our WAF and DDoS protection is offered by Google as a managed service. The team have checked and we do not have any defined rules that would block your IP.

Since your IP is also Google we recommend raising it with them. If you want to come back with trace details and times where requests are blocked versus unblocked I can reopen the issue and have the team take a look. But as they have recommended you follow up with Google directly I recommend actioning that and sharing the response as well.

Best of luck!

311

I'm afraid not @Ammar_Abu_Qoura. These requests can take some time to action so please be patient. I'll come back when I have an update.

In the meantime if you are needing an urgent download I would recommend trying to use another IP if you can.

312

Welcome @AIdaho! Thanks for getting in touch.

I've raised the unblocking request with the team and will come back with an update when I hear back. Just a warning that it can take time to action these requests.

313

Hi @carly.richmond ,
thanks for your response :slight_smile: I appreciate that you are the middle person here, and thanks a lot for your attempts at helping us out!
Since it doesn't seem possible for you to adjust the WAF to whitelist us, or let us know the rate limits that we should remain below, we'll pursue other avenues to avoid the blockade.

1 Like
314

Great! Thank you :slight_smile:

315

Hi @stashevvsky,

I've received word that the team have updated the rules to unblock your IP. Can you check and confirm you are able to download the artefacts?

It can take some time to propagate, but if you're still having issues in a couple of days do let us know.

316

Hi, @carly.richmond.
Getting 403 when trying to install via yum.

ip - 185.32.14.15

ip:
"185.32.14.15",
hostname:
"c2-185-32-14-15.elastic.cloud.ngn.com.tr",
city:
"Istanbul",
region:
"Istanbul",
country:
"TR",
loc:
"41.0138,28.9497",
org:
"AS201863 Star of Bosphorus Bilgi Teknolojiler San ve Tic A.S.",
postal:
"34096",
timezone:
"Europe/Istanbul",
asn:
Object,
asn:
"AS201863",
name:
"Star of Bosphorus Bilgi Teknolojiler San ve Tic A.S.",
domain:
"ngn.com.tr",
route:
"185.32.14.0/24",
type:
"hosting",
company:
Object,
name:
"Star of Bosphorus Bilgi Teknolojiler San ve Tic A.S.",
domain:
"ngn.com.tr",
type:
"hosting",
privacy:
Object,
vpn:
false,
proxy:
false,
tor:
false,
relay:
false,
hosting:
true,
service:
"",
abuse:
Object,
address:
"Buyukdere Cad. No:127 Astoria Kuleleri A Kule Kat 1 34394, 34394, ISTANBUL, TURKEY",
country:
"TR",
email:
"agursu@ngn.com.tr",
name:
"Abuse-C Role",
network:
"185.32.14.0/24",
phone:
"",```
317

Hi @Mustafa07,

Welcome! Thanks for raising your issue. I've passed on your request to the relevant team and will revert back when I have an update.