Are you getting 403's when downloading? Please read here first

Hi @carly.richmond!

We get a 403 error, which prevents us from downloading images of your products from the repository, and, as I understand it, it doesn't even allow us to upload images on the Kibana page with data integrations

[2025-12-15T12:00:40.103+00:00][ERROR][plugins.fleet] '403 Forbidden' error response from package registry at ``https://epr.elastic.co/package/atlassian_confluence/1.29.2/img/confluence-logo.svg
[2025-12-15T12:00:40.148+00:00][ERROR][plugins.fleet] '403 Forbidden' error response from package registry at ``https://epr.elastic.co/package/auth0/1.23.0/img/auth0-logo.svg`` [2025-12-15T12:00:40.179+00:00][ERROR][plugins.fleet] '403 Forbidden' error response from package registry at ``https://epr.elastic.co/package/aws/5.0.0/img/logo_aws.svg

But our main problem is reaching these addresses, for example: ``https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-9.2.2-linux-x86_64.tar.gz

and this applies to any of your product packages. Please help. Below is some information about us:

curl -qs ipinfo.io

"ip": "178.163.225.84", "city": "Minsk", "region": "Minsk City", "country": "BY", "loc": "53.9002,27.5665", "org": "AS205820 Unitary enterprise A1", "postal": "220002
"timezone": "Europe/Minsk

BEST REGARDS

Welcome @webpay! Sadly this IP is not eligible to be unblocked.

Sorry to hear that
Anyway, thank you for your work and quick response.
All the best!

Thanks, @carly.richmond , but the geoip data shows correctly that the server is in the neatherlands, which I guess is not a sanctioned country:

image1072×219 21.5 KB

Could this be fixed?

Thanks, @carly.richmond , but the geoip data shows correctly that the server is in the neatherlands, which I guess is not a sanctioned country

@Robert_Garrigos you are correct that the server is located in the Netherlands, which is not a sanctioned country. However, the blocking is done at an ASN level, and the ASN that your IP belongs to has a connection to a sanctioned country that cannot be unblocked as it would let traffic that should be blocked through.

If you think the ASN information is incorrect, you can request from the main IP database providers to update the information.

Hope that helps!

No worries at all — and that’s great news

Glad to hear it’s working for you since this morning. Thanks for checking it in multiple ways as well (websites, curl, and Chocolatey), that really helps narrow things down.

Next time, if you’re able to grab the IPs, that would be perfect, but for now it sounds like everything has stabilized.

Hello, @carly.richmond!

IP 160.72.147.94

https://artifacts.elastic.co/downloads/elasticsearch-plugins/mapper-size/mapper-size-9.2.4.zip

I’m getting 403 while trying to set up my docker elasticsearch image in office network

Hi @kim_dev,

Thanks for flagging your issue. Before we raise a ticket can you confirm:

1. That IPv6 is disabled on the host?
2. That your internal network doesn't have any configured proxy or other network configuration that could be blocking the traffic?

Let us know!

Hi @carly.richmond , I asked our network team, they said that nothing like this is on.
We are using ipv4, and “artifacts.elastic.co” worked before.
And It is working for other IPs from “our pool” now e.g. 160.72.147.88

Thanks for confirming @kim_dev. You say it's working from other IPs from the pool now. Can you confirm if the original IP is still experiencing a 403? I just want to check if it was a temporary issue that is now resolved.

@carly.richmond I’ve just cheked, and 160.72.147.94 is still getting 403.

image770×675 45 KB

Thanks for confirming @kim_dev. I've raised the ticket and will provide an update when I hear back. Just a heads up that it can take some time to get a response from the team.

Hope that helps!

Hi, We are having issues with our corporate public IPs :

45.9.114.21
45.9.114.24
45.9.114.29

45.9.112.36
45.9.112.35
45.9.112.34

2a0e:ee00:e80a:1402:8f08:df83:f6f9:7e86
2a0e:ee00:e80a:1402:79bd:7377:b468:b15f
2a0e:ee00:e80a:1402:83b4:432e:8137:3f30

2a0e:ee00:e809:1402:41c0:9c7:3c12:d4e8
2a0e:ee00:e809:1402:db6f:f3a5:3096:c085
2a0e:ee00:e809:1402:b5b8:8271:2b58:f714

I’m not sure the IPv6 addresses are used.

Regards,

Hi @Thomas_DE_LUCA,

Welcome! IPv6 is currently not supported. Can you try disabling IPv6 and seeing if that solves your issue?

If not do share with us the ip location info (via http://ipinfo.io/) and the asset that you're trying to access.

Let us know!

Ok, no problem, I can’t disable IPv6 but it is not used if you didn’t configure it on your side since ou don’t support it. Juste the 6 IPv5 addresses should be enough.

ipinfo gives :

{
  "ip": "45.9.114.21",
  "city": "Paris",
  "region": "Île-de-France",
  "country": "FR",
  "loc": "48.8534,2.3488",
  "org": "AS211310 Enedis SA",
  "postal": "75000",
  "timezone": "Europe/Paris",
  "readme": "https://ipinfo.io/missingauth"
}

And similar for the other 5 addresses.

I’m trying to docker login docker.elastic.co and pull some images.

Regards

Thanks @Thomas_DE_LUCA . Before I raise the issue can you perform a trace as per these instructions to verify that you're definitely not hitting IPv6? We have seen cases where IPv6 is triggered when enabled even if it's not used.

Let me know!

Hi @kim_dev,

I hope you're well. Not sure if you're still having issues, but the ASN is added to the allow list. It might take a bit of time to propagate, but if you're still encountering issues let us know!

Asking to delist network 149.5.215.0/24, we are located in Estonia:

# curl -s ipinfo.io | jq
{
  "ip": "149.5.215.82",
  "city": "Tallinn",
  "region": "Harjumaa",
  "country": "EE",
  "loc": "59.4417,24.7025",
  "org": "AS209153 Arvid Logicum OU",
  "postal": "10321",
  "timezone": "Europe/Tallinn",
  "readme": "https://ipinfo.io/missingauth"
}

# whois 149.5.215.82 2>&1 | grep -FA20 'Found a referral'
Found a referral to rwhois.cogentco.com:4321.

%rwhois V-1.5:0010b0:00 rwhois.cogentco.com (CGNT rwhoisd 1.2.2)
network:ID:NET4-9505D70018
network:Network-Name:NET4-9505D70018
network:IP-Network:149.5.215.0/24
network:Org-Name:Arvid Logicum OÜ
network:Street-Address:3 R LAEVASTIKU
network:City:PÕHJA-TALLINNA
network:Country:EE
network:Postal-Code:10313
network:Tech-Contact:ZC108-ARIN
network:Updated:2024-12-20 15:50:56
%ok

Hi, I tried curl -x internal-proxy:5555--trace - --trace-time https://artifacts.elastic.co/GPG-KEY-elasticsearch and it worked fine. It seems to work with IPv4 only but I can only see my proxy’s IPv4.

Hi @leont,

Can you confirm which Elastic asset you're trying to download (or command you're running ) and that IPv6 is disabled on your host? That is a common reason for issues.

Let us know.