@SuperTux88 we can't see a record of this IP hitting our systems unfortunately. I am being told indicates it's not reaching us at all as we definitely log a denied attempt for visibility purposes.
Well, I just tested from 2a01:4f8:10a:1c49:105::2 (which is in this /64 subnet) and I get the following response:
* Expire in 0 ms for 6 (transfer 0x55a0bd3670f0)
* Expire in 1 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 0 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 1 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 0 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 0 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 2 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 0 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 0 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 2 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 0 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 0 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 2 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 0 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 0 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 2 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 1 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 1 ms for 1 (transfer 0x55a0bd3670f0)
* Expire in 1 ms for 1 (transfer 0x55a0bd3670f0)
* Trying 2600:1901:0:1d7::...
* TCP_NODELAY set
* Expire in 149998 ms for 3 (transfer 0x55a0bd3670f0)
* Expire in 200 ms for 4 (transfer 0x55a0bd3670f0)
* Connected to artifacts.elastic.co (2600:1901:0:1d7::) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=appsearch.elastic.co
* start date: Nov 11 21:11:42 2022 GMT
* expire date: Feb 9 21:11:41 2023 GMT
* subjectAltName: host "artifacts.elastic.co" matched cert's "artifacts.elastic.co"
* issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1D4
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55a0bd3670f0)
> GET /packages/7.x/apt/dists/stable/InRelease HTTP/2
> Host: artifacts.elastic.co
> User-Agent: curl/7.64.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 403
< content-type: text/html; charset=UTF-8
< referrer-policy: no-referrer
< content-length: 334
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>403 Forbidden</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Forbidden</h1>
<h2>Your client does not have permission to get URL <code>/packages/7.x/apt/dists/stable/InRelease</code> from this server.</h2>
<h2></h2>
</body></html>
* Connection #0 to host artifacts.elastic.co left intact
So I'm reaching something and something is still blocking me (error 403) and it starts to get annoying. If what I'm reaching here (2600:1901:0:1d7::) is not you, then you should probably check why your DNS entry is pointing to this.
Just to ensure, I need you to allow the whole 2a01:4f8:10a:1c49::/64 subnet, that's why I already asked you last time if you allowed the whole subnet. I have multiple servers in this subnet and all of them are blocked.
@alois-git replying to your PM here , we have allowed your AS as well, let me know if you still have issues.
@StudioMaX your AS has been allowed too.
@omgololo this IP appears to belong to an RU entity and we are unable to allow it.
Hi, this is also banned
IP: 194.35.119.0/24
Location: Poland
Thanks @warkolm
But still have the issues ...
~/elastic-agent$ docker pull docker.elastic.co/beats/elastic-agent:8.5.1
8.5.1: Pulling from beats/elastic-agent
d0eb0fe83e8a Pulling fs layer 0.4s
92a5cd8bc972 Pulling fs layer 0.4s
1b7f5f9553b8 Pulling fs layer 0.4s
a43e85a017fe Waiting 0.4s
f9ccd3e1a8a4 Waiting 0.4s
a4267372ab5d Waiting 0.4s
4c657e194db6 Waiting 0.4s
1a7ecbb7a05b Waiting 0.4s
6de42ae596d2 Waiting 0.4s
2868e8b67592 Waiting 0.4s
032978dbe8f8 Waiting 0.4s
2cb1b2bed2a5 Waiting 0.4s
47cc0939abea Waiting 0.4s
error pulling image configuration: download failed after attempts=1: error parsing HTTP 403 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<HTML><HEAD><META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=iso-8859-1\">\n<TITLE>ERROR: The request could not be satisfied</TITLE>\n</HEAD><BODY>\n<H1>403 ERROR</H1>\n<H2>The request could not be satisfied.</H2>\n<HR noshade size=\"1px\">\nThe Amazon CloudFront distribution is configured to block access from your country.\nWe can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.\n<BR clear=\"all\">\nIf you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.\n<BR clear=\"all\">\n<HR noshade size=\"1px\">\n<PRE>\nGenerated by cloudfront (CloudFront)\nRequest ID: xxx\n</PRE>\n<ADDRESS>\n</ADDRESS>\n</BODY></HTML>"
403 ERROR
The request could not be satisfied.
The Amazon CloudFront distribution is configured to block access from your country.We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront) Request ID: xxx
curl ipinfo.io
{
"ip": "***",
"country": "FR",
"timezone": "Europe/Paris",
"readme": "https://ipinfo.io/missingauth"
}
IP was sent by DM.
Thanks a lot for your help
@Lukasz_Wrona we have allowed your ASN already and we see successful connections from 51.83.228.154 and from 146.59.25.195 and no denial in our logs.
@warkolm, unfortunately still doesn't work
# docker pull docker.elastic.co/beats/filebeat:8.5.0
8.5.0: Pulling from beats/filebeat
43850375985f: Pulling fs layer
891a6bcab6ca: Pulling fs layer
fc1d67b39ad0: Pulling fs layer
8c31149029a2: Waiting
6c85cb2b60d3: Waiting
ea64a4c07433: Waiting
fa6a765d76b0: Waiting
ece79d1d779e: Waiting
8fbfc907b18d: Waiting
d7680003e354: Waiting
381a653c6a83: Waiting
error pulling image configuration: error parsing HTTP 403 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<HTML><HEAD><META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=iso-8859-1\">\n<TITLE>ERROR: The request could not be satisfied</TITLE>\n</HEAD><BODY>\n<H1>403 ERROR</H1>\n<H2>The request could not be satisfied.</H2>\n<HR noshade size=\"1px\">\nThe Amazon CloudFront distribution is configured to block access from your country.\nWe can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.\n<BR clear=\"all\">\nIf you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.\n<BR clear=\"all\">\n<HR noshade size=\"1px\">\n<PRE>\nGenerated by cloudfront (CloudFront)\nRequest ID: ahDeBZXhUydzQY7w9YWgasEwCiPul6DitkbexPkdlhcU4F_T3wkm6A==\n</PRE>\n<ADDRESS>\n</ADDRESS>\n</BODY></HTML>"
# curl -qs ipinfo.io
{
"ip": "51.83.228.154",
"hostname": "gateway-demo.promesaonline.com",
"city": "Warsaw",
"region": "Mazovia",
"country": "PL",
"loc": "52.2298,21.0118",
"org": "AS16276 OVH SAS",
"postal": "00-002",
"timezone": "Europe/Warsaw",
"readme": "https://ipinfo.io/missingauth"
}
Hi @warkolm,
can you please check my IP?
It's an Italian IP and I'm getting the 403 error when downloading plugins.
ipinfo:
{
"ip": "80.211.69.211",
"hostname": "host211-69-211-80.serverdedicati.aruba.it",
"city": "Arezzo",
"region": "Tuscany",
"country": "IT",
"loc": "43.4628,11.8807",
"org": "AS31034 Aruba S.p.A.",
"postal": "52100",
"timezone": "Europe/Rome"
}
Any chances those ips will be unlocked?
Still no answer...
If yes, please append 109.252.. to them
Per the OP we do not allow RU IPs.
@Lukasz_Wrona for the docker registry we use MaxMind’s GeoIP service and that is reporting the AS as russian and we don't have the ability to work around this. We suggest you submit this as a potential inaccuracy to MaxMind directly via Submit GeoIP Data Corrections | MaxMind.
Hey Sir,
I have sent in DM, could you please check it ?
Thanks!
David
Hi @warkolm,
My VPS 403 
curl -qs ipinfo.io
{
"ip": "92.118.148.153",
"hostname": "aline104872.vds",
"city": "Riga",
"region": "Riga",
"country": "LV",
"loc": "56.9460,24.1059",
"org": "AS50979 ITL LLC",
"postal": "LV-1001",
"timezone": "Europe/Riga",
"readme": "https://ipinfo.io/missingauth"
curl -qs ipinfo.io
{
"ip": "176.124.215.3",
"hostname": "mynl.local",
"city": "Amsterdam",
"region": "North Holland",
"country": "NL",
"loc": "52.3740,4.8897",
"org": "AS207651 Hosting technology LTD",
"postal": "1012",
"timezone": "Europe/Amsterdam",
"readme": "https://ipinfo.io/missingauth"
curl -qs ipinfo.io
{
"ip": "193.200.17.90",
"city": "Warsaw",
"region": "Mazovia",
"country": "PL",
"loc": "52.2298,21.0118",
"org": "AS62005 BlueVPS OU",
"postal": "00-002",
"timezone": "Europe/Warsaw",
"readme": "https://ipinfo.io/missingauth"
Hello, can you unblock that one please ?
Ty
-
ip:"91.107.161.155",
-
hostname:"static.155.161.107.91.clients.your-server.de",
-
city:"Gunzenhausen",
-
region:"Bavaria",
-
country:"DE",
-
loc:"49.1166,10.7597",
-
org:"AS24940 Hetzner Online GmbH",
-
postal:"91710",
-
timezone:"Europe/Berlin",
Hey,
Could I also be whitelisted on the apt repository :
curl -qs ipinfo.io
{
"ip": "140.238.174.78",
"city": "Zürich",
"region": "Zurich",
"country": "CH",
"loc": "47.3667,8.5500",
"org": "AS31898 Oracle Corporation",
"postal": "8000",
"timezone": "Europe/Zurich",
"readme": "https://ipinfo.io/missingauth"
}