Visitor
•
7 Messages
403 errors with Motorola MG7700
Hello,
I am receiving random 403 errors on every device on my home network. For instance, I am receiving a 403 error whenever I visit petfinder.com or onlyfans.com(long story) on two different laptops and two different cell phones that are on the network. The issue persists on WiFi and ethernet. If I use mobile data or another network then I am able to browse to petfinder.com just fine. .
I have tried factory resetting the router and changing the DNS to three different providers but nothing has worked.
I am not sure if it is related but now I am not able to login to my company's OKTA so this is now a priority for me. OKTA recognizes my username by showing me my security image but I am not able to get to the next screen to enter my password and I'm met with a "Unable to sign in" error message.
I am not using a VPN but I have setup a web proxy and it is not capturing the OKTA or petfinder.com errors which leads me to believe traffic is not getting passed the router.
[root@NBWIN0216 ~]$ curl -v petfinder.com* Trying 18.211.161.156:80...* Connected to petfinder.com (18.211.161.156) port 80 (#0)> GET / HTTP/1.1> Host: petfinder.com> User-Agent: curl/7.82.0> Accept: */*>* Mark bundle as not supporting multiuse< HTTP/1.1 403 Forbidden< Server: awselb/2.0< Date: Tue, 24 May 2022 22:22:35 GMT< Content-Type: text/html< Content-Length: 118< Connection: keep-alive<<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>* Connection #0 to host petfinder.com left intact[root@NBWIN0216 squid]# traceroute petfinder.comtraceroute to petfinder.com (52.7.109.30), 30 hops max, 60 byte packets 1 _gateway (172.24.144.1) 0.511 ms 0.556 ms 0.562 ms 2 192.168.0.1 (192.168.0.1) 23.991 ms 21.079 ms 23.983 ms 3 96.120.75.9 (96.120.75.9) 27.477 ms 31.958 ms 31.954 ms 4 24.124.225.53 (24.124.225.53) 28.439 ms 32.409 ms 31.085 ms 5 68.86.210.205 (68.86.210.205) 29.793 ms 32.365 ms 29.786 ms 6 162.151.210.53 (162.151.210.53) 31.135 ms 32.084 ms 32.043 ms 7 be-98-ar03.plainfield.nj.panjde.comcast.net (68.85.35.37) 32.714 ms 12.426 ms 11.903 ms 8 be-31133-cs03.newark.nj.ibone.comcast.net (96.110.42.41) 13.135 ms be-31143-cs04.newark.nj.ibone.comcast.net (96.110.42.45) 31.286 ms be-31133-cs03.newark.nj.ibone.comcast.net (96.110.42.41) 31.268 ms 9 be-2102-pe02.newark.nj.ibone.comcast.net (96.110.37.50) 31.313 ms be-2302-pe02.newark.nj.ibone.comcast.net (96.110.37.58) 33.269 ms be-3111-pe11.philadelphia.pa.ibone.comcast.net (96.110.36.130) 31.677 ms10 50.242.150.106 (50.242.150.106) 37.602 ms 23.30.207.38 (23.30.207.38) 35.179 ms 31.648 ms11 52.93.60.245 (52.93.60.245) 35.227 ms * *12 * * 52.93.60.81 (52.93.60.81) 31.595 ms13 * * *14 * * *15 * * *16 * * *17 * * *18 * * *19 52.93.28.222 (52.93.28.222) 20.086 ms * *20 * * *21 * * *22 * * *23 * * *24 * * *25 * * *26 * * *27 * * *28 * * *29 * * *30 * * *Thanks,
[Edit: PII]
user_536f94
Visitor
•
7 Messages
3 years ago
Today, it is working, but I am positive that it will happen again in the future.
1
0
user_536f94
Visitor
•
7 Messages
3 years ago
Hello,
The 403 error with petfinder.com has popped up again and I have found that hudsoncountyclerk.org is also giving me a 403(I am sure there are others). Just to reiterate, changing browsers(chrome/edge/firefox) or devices does not fix the issue. I am pretty positive it is a networking issue because if I take the device to another WiFi or mobile network the URLs will not throw a 403 error.
4
0
BruceW
Gold Problem Solver
•
26.3K Messages
3 years ago
403 "Not authorized/You don't have permission" messages are issued by the target servers, not by Comcast. They usually mean the servers have seen traffic from your public IP address that for whatever reason, they don't like. Normally I'd suggest changing the MAC address of your router and rebooting, to force Comcast's DHCP servers to issue a new public IP to see if that clears the problem, but I can't find a way to change the MAC address of the router component of the MG7700.
However you could still conduct this test by putting the MG7700 in bridge mode (see "MG7700 - Put into bridge mode" on https://help.motorolanetwork.com/hc/en-us/articles/115007129847-How-Do-I-Put-My-Cable-Modem-Router-Combo-also-called-a-Gateway-into-Bridge-Mode-So-I-Can-Connect-Another-Router-behind-It-). Then, with an Ethernet-cabled laptop or desktop connected to the gateway, when you reboot the MG7700 it should present the laptop's MAC to Comcast's DHCP server which should then issue a new public IP address.
If you do that do you still get the 403 errors from the problem sites?
Please be aware that there are 2 kinds of responses in this Forum: Replies and Comments. When you Comment on a post by scrolling down to "Comment on this post here...", I am notified of your response. But if you select Reply, I am NOT notified and may not be aware of your response.
(edited)
0
zip21222
Contributor
•
160 Messages
3 years ago
@user_536f94
Interestingly, every one of the sites you've mentioned are hosted by Amazon Web Services.
Perhaps it would be worth asking Amazon if they know of any Comcast<->AWS issues, or have any additional troubleshooting tools for you.
HTH
0
0
BruceW
Gold Problem Solver
•
26.3K Messages
3 years ago
Please see https://community.akamai.com/customers/s/article/Why-is-Akamai-blocking-me?language=en_US (thanks to @Hemingray42 for finding that page). I'm guessing (maybe incorrectly) that AWS is similar.
"Access Denied / You don't have permission" messages are typically issued by the destination site. A person or a program is using an Internet resource in a way the manager of that resource doesn't like. Customers having this problem will need to contact the site's admins for help with this.
Please be aware that there are 2 kinds of responses in this Forum: Replies and Comments. When you Comment on a post by scrolling down to "Comment on this post here...", I am notified of your response. But if you select Reply, I am NOT notified and may not be aware of your response.
(edited)
0
user_536f94
Visitor
•
7 Messages
2 years ago
I am now getting denied by Venmo(https://venmo.com/) with this message...
(edited)
0
0
zip21222
Contributor
•
160 Messages
2 years ago
@user_536f94
Not the most informative error message, but I think what it's saying is that Cloudflare hosts the Venmo site and that Venmo's server is either rejecting or ignoring your request.
There's multiple possible reasons for this, but I think the most likely is that Venmo thinks the address you're connecting from has a bad reputation for some reason.
First thing I'd do is contact Venmo directly if possible (have your public IP handy).
HTH
0
0
BruceW
Gold Problem Solver
•
26.3K Messages
2 years ago
"CloudFront" <> "Cloudflare". "CloudFront" is an Amazon Web Services offering. "Cloudflare" is a completely separate corporation. See https://en.wikipedia.org/wiki/Amazon_CloudFront and https://en.wikipedia.org/wiki/Cloudflare.
But I agree with your suggestion that the next step is to ask Venmo's admins for help with the problem. The user will probably need their public IP, which they can get from https://www.google.com/search?q=what+is+my+IP.
Please be aware that there are 2 kinds of responses in this Forum: Replies and Comments. When you Comment on a post by scrolling down to "Comment on this post here...", I am notified of your response. But if you select Reply, I am NOT notified and may not be aware of your response.
1
0
jasongil
Visitor
•
15 Messages
2 years ago
I'd go with with with BruceW suggested - try and get a new IP.
As others have pointed out, the common thread seems to be that the sites are hosted in AWS with CloudFront. A feature of that is allowing / denying IPs based on reputation. Perhaps whoever had that IP before you was malicious which led to a low reputation and it no longer being trusted.
More info: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html#aws-managed-rule-groups-ip-rep-amazon
1
0