Are you getting 403's when downloading? Please read here first

warkolm · February 8, 2023, 2:52am

@olaflaugdern this is on the Hetzner ASN and that one has a blanket approval. If you are getting 403 errors please share your logs.

BlueIceAce · February 15, 2023, 6:33am

Hey, @warkolm
As you suggested, I'm writing my info about blocking error in this post:

curl ipinfo.io
{
  "ip": "5.181.27.38",
  "hostname": "bonanzapartners.com",
  "city": "London",
  "region": "England",
  "country": "GB",
  "loc": "51.5085,-0.1257",
  "org": "AS202422 G-Core Labs S.A.",
  "postal": "EC1A",
  "timezone": "Europe/London",
  "readme": "https://ipinfo.io/missingauth"
}

fvtarnovskiy · February 16, 2023, 5:52am

We are a cloud provider from Uzbekistan pro-data.tech (https://pro-data.tech/).
Please help in solving the problem - when trying to access Elastic, we get an error code 403 from all our addresses (95.47.127.0/24).

curl -vvl "https://epr.elastic.co/search?package=system&internal=true&kibana.version=7.16.1"

Trying 34.120.127.130:443...
Connected to epr.elastic.co (34.120.127.130) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.0 (OUT), TLS header, Certificate Status (22):
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS header, Certificate Status (22):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS header, Finished (20):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.3 (IN), TLS handshake, CERT verify (15):
TLSv1.3 (IN), TLS handshake, Finished (20):
TLSv1.2 (OUT), TLS header, Finished (20):
TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.3 (OUT), TLS handshake, Finished (20):
SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
ALPN, server accepted to use h2
Server certificate:
subject: CN=appsearch.elastic.co
start date: Jan 8 23:21:29 2023 GMT
expire date: Apr 9 00:14:40 2023 GMT
subjectAltName: host "epr.elastic.co" matched cert's "epr.elastic.co"
issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1D4
SSL certificate verify ok.
Using HTTP2, server supports multiplexing
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
Using Stream ID: 1 (easy handle 0x5627ef747550)
TLSv1.2 (OUT), TLS header, Supplemental data (23):

GET /search?package=system&internal=true&kibana.version=7.16.1 HTTP/2
Host: epr.elastic.co
user-agent: curl/7.81.0
accept: /

TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
old SSL session ID is stale, removing
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 403
< content-length: 134
< content-type: text/html; charset=UTF-8
< date: Tue, 14 Feb 2023 11:54:07 GMT
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.2 (IN), TLS header, Supplemental data (23):
Connection #0 to host epr.elastic.co left intact
<!doctype html>403403 Forbiddenro

fvtarnovskiy · February 17, 2023, 6:02am

Hello, @warkolm
Please unblock our addresses 95.7.127.0/24

curl ipinfo.io
{
"ip": "95.47.127.239",
"city": "Tashkent",
"region": "Tashkent",
"country": "UZ",
"loc": "41.2647,69.2163",
"org": "AS213029 PRO DATA-TECH Ltd.",
"timezone": "Asia/Tashkent",
"readme": "IP Address data API - IPinfo.io"
}

fvtarnovskiy · February 24, 2023, 12:11pm

Hello, @warkolm
Please unblock our addresses 95.7.127.0/24

curl ipinfo.io
{
"ip": "95.47.127.239",
"city": "Tashkent",
"region": "Tashkent",
"country": "UZ",
"loc": "41.2647,69.2163",
"org": "AS213029 PRO DATA-TECH Ltd.",
"timezone": "Asia/Tashkent",
"readme": "IP Address data API - IPinfo.io"
}

sh4de · February 27, 2023, 4:51pm

Hello, @warkolm
Could I also be whitelisted?

  "ip": "185.79.247.9",
  "city": "Vilnius",
  "region": "Vilnius",
  "country": "LT",
  "loc": "54.6892,25.2798",
  "org": "AS62282 UAB Rakrejus",
  "postal": "01001",
  "timezone": "Europe/Vilnius",
  "readme": "https://ipinfo.io/missingauth"
}```

HostedPower · March 2, 2023, 3:37pm

Hello Guys, we're also in this 403 NIGHTMARE. We see so many deploys fail, what is going on?

I tried this:

curl -qs ipinfo.io
{
"ip": "94.237.111.36",
"hostname": "stag1.denotenshop.nl",
"city": "Amsterdam",
"region": "North Holland",
"country": "NL",
"loc": "52.3740,4.8897",
"org": "AS202053 UpCloud Ltd",
"postal": "1012",
"timezone": "Europe/Amsterdam",
"readme": "IP Address data API - IPinfo.io"

It's clearly Amsterdam, why is it blocked with 403 ? We use a lot of servers in the 94.237 range ...

fvtarnovskiy · March 3, 2023, 6:41am

Hello, @warkolm
Please unblock our addresses 95.7.127.0/24

curl ipinfo.io
{
"ip": "95.47.127.239",
"city": "Tashkent",
"region": "Tashkent",
"country": "UZ",
"loc": "41.2647,69.2163",
"org": "AS213029 PRO DATA-TECH Ltd.",
"timezone": "Asia/Tashkent",
"readme": "IP Address data API - IPinfo.io"
}

HostedPower · March 3, 2023, 12:31pm

Are you actively searching for a solution? This is going on for months, I suppose you should change to a more reliable service? It doesn't make any sense there are so many mistakes in the geolocation.

We're blocked here too:

94.237.110.92

All deployments fail, this is not something fun

HostedPower · March 6, 2023, 1:47pm

It seems the ipv6 is failing:

curl -6 v6.ipinfo.io

403 Forbidden

Error: Forbidden

Your client does not have permission to get URL `/` from this server.

Sample ivp6: 2a04:3544:1000:1510:3cc8:64ff:fefa:60f6

warkolm · March 6, 2023, 6:22pm

Can you confirm the URL you are requesting there please?

HostedPower · March 6, 2023, 9:05pm

Most of the times this URL (or variations on it):

Failed to download key at https://artifacts.elastic.co/GPG-KEY-elasticsearch: HTTP Error 403: Forbidden

hvtilborg · March 9, 2023, 9:01am

We get 403s when we are trying to connect over IPv6:

     Comment: An error was encountered while checking the newest available version of package(s): E: Failed to fetch https://artifacts.elastic.co/packages/8.x/apt/dists/stable/InRelease  403  Forbidden [IP: 2600:1901:0:1d7:: 443]

And this is the IPv6 range we are connecting from:

$ curl v6.ipinfo.io
{
  "ip": "2a04:3544:1000:1510::/64",
  "city": "Helsinki",
  "region": "Uusimaa",
  "country": "FI",
  "loc": "60.1695,24.9354",
  "org": "AS202053 UpCloud Ltd",
  "postal": "00100",
  "timezone": "Europe/Helsinki",
  "readme": "https://ipinfo.io/missingauth"
}

HostedPower · March 10, 2023, 9:55am

any update? We still see a lot of errors, also on this ip for example:

2a04:3544:1000:1510:3cc8:64ff:fefa:65da

curl v6.ipinfo.io
{
"ip": "2a04:3544:1000:1510:3cc8:64ff:fefa:65da",
"city": "Helsinki",
"region": "Uusimaa",
"country": "FI",
"loc": "60.1695,24.9354",
"org": "AS202053 UpCloud Ltd",
"postal": "00100",
"timezone": "Europe/Helsinki",
"readme": "IP Address data API - IPinfo.io"
}

But we have daily problems, with 10's of ip's, why is this?

HostedPower · March 14, 2023, 7:36am

It appears to be working on those ipv6 now, anything changed/found ?

aalekseev856 · March 14, 2023, 1:01pm

Getting 403

MY IP

  "ip": "45.67.228.175",
  "hostname": "forms.raccoin-mix.com",
  "city": "Meppel",
  "region": "Drenthe",
  "country": "NL",
  "loc": "52.6958,6.1944",
  "org": "AS44477 STARK INDUSTRIES SOLUTIONS LTD",
  "postal": "7941",
  "timezone": "Europe/Amsterdam",
  "readme": "https://ipinfo.io/missingauth"

GET - E: Failed to fetch https://artifacts.elastic.co/packages/8.x/apt/pool/main/f/filebeat/filebeat-8.6.2-amd64.deb  403  Forbidden [IP: 34.120.127.130 443]

warkolm · March 14, 2023, 6:43pm

I haven't heard anything sorry.

ali.sharjeel · March 23, 2023, 7:27am

Hi Mark!
I am facing IP on below servers

My IPs:
45.61.137.97
206.166.251.169

curl -qs ipinfo.io
{
  "ip": "206.166.251.169",
  "city": "Amsterdam",
  "region": "North Holland",
  "country": "NL",
  "loc": "52.3740,4.8897",
  "org": "AS399629 BL Networks",
  "postal": "1012",
  "timezone": "Europe/Amsterdam",
  "readme": "https://ipinfo.io/missingauth"
}

 curl -qs ipinfo.io
{
  "ip": "45.61.137.97",
  "city": "Amsterdam",
  "region": "North Holland",
  "country": "NL",
  "loc": "52.3740,4.8897",
  "org": "AS399629 BL Networks",
  "postal": "1012",
  "timezone": "Europe/Amsterdam",
  "readme": "https://ipinfo.io/missingauth"
}

Eric.EDDN · March 23, 2023, 10:17am

Hi,

Unfortunately, I am facing the same problem. I understand the problem but some better / more accurate solution would be very desirable.

My IP: 162.55.63.113

{
  "ip": "162.55.63.113",
  "city": "Burgkirchen an der Alz",
  "region": "Bavaria",
  "country": "DE",
  "loc": "48.1675,12.7325",
  "org": "AS24940 Hetzner Online GmbH",
  "postal": "84508",
  "timezone": "Europe/Berlin",
  "readme": "https://ipinfo.io/missingauth"
}

Kseniya_Schwarz · April 4, 2023, 9:06am

Same issue:
curl -qs ipinfo.io

{
  "ip": "209.192.229.103",
  "city": "Dallas",
  "region": "Texas",
  "country": "US",
  "loc": "32.7831,-96.8067",
  "org": "AS7979 Servers.com, Inc.",
  "postal": "75201",
  "timezone": "America/Chicago",
  "readme": "https://ipinfo.io/missingauth"
}

Are you getting 403's when downloading? Please read here first

Error: Forbidden

Your client does not have permission to get URL / from this server.

Getting 403

Your client does not have permission to get URL `/` from this server.