@olaflaugdern this is on the Hetzner ASN and that one has a blanket approval. If you are getting 403 errors please share your logs.

Hey, @warkolm
As you suggested, I'm writing my info about blocking error in this post:

curl ipinfo.io
{
  "ip": "5.181.27.38",
  "hostname": "bonanzapartners.com",
  "city": "London",
  "region": "England",
  "country": "GB",
  "loc": "51.5085,-0.1257",
  "org": "AS202422 G-Core Labs S.A.",
  "postal": "EC1A",
  "timezone": "Europe/London",
  "readme": "https://ipinfo.io/missingauth"
}

We are a cloud provider from Uzbekistan pro-data.tech (https://pro-data.tech/).
Please help in solving the problem - when trying to access Elastic, we get an error code 403 from all our addresses (95.47.127.0/24).

image548×812 49.2 KB

curl -vvl "https://epr.elastic.co/search?package=system&internal=true&kibana.version=7.16.1"

• Trying 34.120.127.130:443...
• Connected to epr.elastic.co (34.120.127.130) port 443 (#0)
• ALPN, offering h2
• ALPN, offering http/1.1
• CAfile: /etc/ssl/certs/ca-certificates.crt
• CApath: /etc/ssl/certs
• TLSv1.0 (OUT), TLS header, Certificate Status (22):
• TLSv1.3 (OUT), TLS handshake, Client hello (1):
• TLSv1.2 (IN), TLS header, Certificate Status (22):
• TLSv1.3 (IN), TLS handshake, Server hello (2):
• TLSv1.2 (IN), TLS header, Finished (20):
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
• TLSv1.3 (IN), TLS handshake, Certificate (11):
• TLSv1.3 (IN), TLS handshake, CERT verify (15):
• TLSv1.3 (IN), TLS handshake, Finished (20):
• TLSv1.2 (OUT), TLS header, Finished (20):
• TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
• TLSv1.2 (OUT), TLS header, Supplemental data (23):
• TLSv1.3 (OUT), TLS handshake, Finished (20):
• SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
• ALPN, server accepted to use h2
• Server certificate:
• subject: CN=appsearch.elastic.co
• start date: Jan 8 23:21:29 2023 GMT
• expire date: Apr 9 00:14:40 2023 GMT
• subjectAltName: host "epr.elastic.co" matched cert's "epr.elastic.co"
• issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1D4
• SSL certificate verify ok.
• Using HTTP2, server supports multiplexing
• Connection state changed (HTTP/2 confirmed)
• Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
• TLSv1.2 (OUT), TLS header, Supplemental data (23):
• TLSv1.2 (OUT), TLS header, Supplemental data (23):
• TLSv1.2 (OUT), TLS header, Supplemental data (23):
• Using Stream ID: 1 (easy handle 0x5627ef747550)
• TLSv1.2 (OUT), TLS header, Supplemental data (23):

GET /search?package=system&internal=true&kibana.version=7.16.1 HTTP/2
Host: epr.elastic.co
user-agent: curl/7.81.0
accept: /

• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
• old SSL session ID is stale, removing
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.2 (OUT), TLS header, Supplemental data (23):
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.2 (IN), TLS header, Supplemental data (23):
  < HTTP/2 403
  < content-length: 134
  < content-type: text/html; charset=UTF-8
  < date: Tue, 14 Feb 2023 11:54:07 GMT
  < alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  <
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• Connection #0 to host epr.elastic.co left intact
  <!doctype html>403403 Forbiddenro

Hello, @warkolm
Please unblock our addresses 95.7.127.0/24

curl ipinfo.io
{
"ip": "95.47.127.239",
"city": "Tashkent",
"region": "Tashkent",
"country": "UZ",
"loc": "41.2647,69.2163",
"org": "AS213029 PRO DATA-TECH Ltd.",
"timezone": "Asia/Tashkent",
"readme": "IP Address data API - IPinfo.io"
}

Hello, @warkolm
Please unblock our addresses 95.7.127.0/24

curl ipinfo.io
{
"ip": "95.47.127.239",
"city": "Tashkent",
"region": "Tashkent",
"country": "UZ",
"loc": "41.2647,69.2163",
"org": "AS213029 PRO DATA-TECH Ltd.",
"timezone": "Asia/Tashkent",
"readme": "IP Address data API - IPinfo.io"
}

Hello, @warkolm
Could I also be whitelisted?

  "ip": "185.79.247.9",
  "city": "Vilnius",
  "region": "Vilnius",
  "country": "LT",
  "loc": "54.6892,25.2798",
  "org": "AS62282 UAB Rakrejus",
  "postal": "01001",
  "timezone": "Europe/Vilnius",
  "readme": "https://ipinfo.io/missingauth"
}```

Hello Guys, we're also in this 403 NIGHTMARE. We see so many deploys fail, what is going on?

I tried this:

curl -qs ipinfo.io
{
"ip": "94.237.111.36",
"hostname": "stag1.denotenshop.nl",
"city": "Amsterdam",
"region": "North Holland",
"country": "NL",
"loc": "52.3740,4.8897",
"org": "AS202053 UpCloud Ltd",
"postal": "1012",
"timezone": "Europe/Amsterdam",
"readme": "IP Address data API - IPinfo.io"

It's clearly Amsterdam, why is it blocked with 403 ? We use a lot of servers in the 94.237 range ...

Hello, @warkolm
Please unblock our addresses 95.7.127.0/24

curl ipinfo.io
{
"ip": "95.47.127.239",
"city": "Tashkent",
"region": "Tashkent",
"country": "UZ",
"loc": "41.2647,69.2163",
"org": "AS213029 PRO DATA-TECH Ltd.",
"timezone": "Asia/Tashkent",
"readme": "IP Address data API - IPinfo.io"
}

Are you actively searching for a solution? This is going on for months, I suppose you should change to a more reliable service? It doesn't make any sense there are so many mistakes in the geolocation.

We're blocked here too:

94.237.110.92

All deployments fail, this is not something fun

It seems the ipv6 is failing:

curl -6 v6.ipinfo.io

Error: Forbidden

Your client does not have permission to get URL / from this server.

Sample ivp6: 2a04:3544:1000:1510:3cc8:64ff:fefa:60f6

Can you confirm the URL you are requesting there please?

Most of the times this URL (or variations on it):

Failed to download key at https://artifacts.elastic.co/GPG-KEY-elasticsearch: HTTP Error 403: Forbidden

We get 403s when we are trying to connect over IPv6:

     Comment: An error was encountered while checking the newest available version of package(s): E: Failed to fetch https://artifacts.elastic.co/packages/8.x/apt/dists/stable/InRelease  403  Forbidden [IP: 2600:1901:0:1d7:: 443]

And this is the IPv6 range we are connecting from:

$ curl v6.ipinfo.io
{
  "ip": "2a04:3544:1000:1510::/64",
  "city": "Helsinki",
  "region": "Uusimaa",
  "country": "FI",
  "loc": "60.1695,24.9354",
  "org": "AS202053 UpCloud Ltd",
  "postal": "00100",
  "timezone": "Europe/Helsinki",
  "readme": "https://ipinfo.io/missingauth"
}

any update? We still see a lot of errors, also on this ip for example:

2a04:3544:1000:1510:3cc8:64ff:fefa:65da

curl v6.ipinfo.io
{
"ip": "2a04:3544:1000:1510:3cc8:64ff:fefa:65da",
"city": "Helsinki",
"region": "Uusimaa",
"country": "FI",
"loc": "60.1695,24.9354",
"org": "AS202053 UpCloud Ltd",
"postal": "00100",
"timezone": "Europe/Helsinki",
"readme": "IP Address data API - IPinfo.io"
}

But we have daily problems, with 10's of ip's, why is this?

It appears to be working on those ipv6 now, anything changed/found ?

Getting 403

MY IP

  "ip": "45.67.228.175",
  "hostname": "forms.raccoin-mix.com",
  "city": "Meppel",
  "region": "Drenthe",
  "country": "NL",
  "loc": "52.6958,6.1944",
  "org": "AS44477 STARK INDUSTRIES SOLUTIONS LTD",
  "postal": "7941",
  "timezone": "Europe/Amsterdam",
  "readme": "https://ipinfo.io/missingauth"

GET - E: Failed to fetch https://artifacts.elastic.co/packages/8.x/apt/pool/main/f/filebeat/filebeat-8.6.2-amd64.deb  403  Forbidden [IP: 34.120.127.130 443]

I haven't heard anything sorry.

Hi Mark!
I am facing IP on below servers

My IPs:
45.61.137.97
206.166.251.169

curl -qs ipinfo.io
{
  "ip": "206.166.251.169",
  "city": "Amsterdam",
  "region": "North Holland",
  "country": "NL",
  "loc": "52.3740,4.8897",
  "org": "AS399629 BL Networks",
  "postal": "1012",
  "timezone": "Europe/Amsterdam",
  "readme": "https://ipinfo.io/missingauth"
}

 curl -qs ipinfo.io
{
  "ip": "45.61.137.97",
  "city": "Amsterdam",
  "region": "North Holland",
  "country": "NL",
  "loc": "52.3740,4.8897",
  "org": "AS399629 BL Networks",
  "postal": "1012",
  "timezone": "Europe/Amsterdam",
  "readme": "https://ipinfo.io/missingauth"
}

Hi,

Unfortunately, I am facing the same problem. I understand the problem but some better / more accurate solution would be very desirable.

My IP: 162.55.63.113

{
  "ip": "162.55.63.113",
  "city": "Burgkirchen an der Alz",
  "region": "Bavaria",
  "country": "DE",
  "loc": "48.1675,12.7325",
  "org": "AS24940 Hetzner Online GmbH",
  "postal": "84508",
  "timezone": "Europe/Berlin",
  "readme": "https://ipinfo.io/missingauth"
}

Same issue:
curl -qs ipinfo.io

{
  "ip": "209.192.229.103",
  "city": "Dallas",
  "region": "Texas",
  "country": "US",
  "loc": "32.7831,-96.8067",
  "org": "AS7979 Servers.com, Inc.",
  "postal": "75201",
  "timezone": "America/Chicago",
  "readme": "https://ipinfo.io/missingauth"
}