U

19 Messages

Tuesday, March 26th, 2024 6:16 PM

Closed

Access Denied Error when on Xfinity Wifi

Hopefully others see this outside of just Xfinity.  

I have been getting Access Denied errors on various websites when I go through my Xfinity Gateway.  When I run through my VPN the error goes away.  That's because I am now masked.  The same happens on any Android phone in my house that goes through the Xfinity Gateway.  When I turn off the wifi and go through my Cell Network everything works fine.  I have access to IT specialists at Siemens, plus I myself am EXTREMELY knowledgeable about how internet addresses and security protocols work. I have also spoken with other highly trained IT specialists.  In all occasions they have said the problem is with Xfinity, not my PC or my router settings, or my VPN or firewall.  It also has nothing to do with my browser, cookies, cache, etc. Nor is the problem that my IP is blacklisted, as you can go online and find that out with a simple mouse click.

The only way I can work effectively on my PC is through my VPN.  Some sites recognize VPN's and thus I get blocked.  In those situations it must be turned off, and fortunately that is few and far between.  However, sites like United.com, Southwest.com (which I have two accounts for my frequent travel requirements) get blocked.  I can't check-in, book a flight, log into my accounts, or anything.  There are countless other sites as well with the same problem.  Fortunately for me I can access United and Southwest through my VPN or with my cell phone using Cellular data and not through my gateway.  Xfinfity is aware of this issue and really doesn't care to get it resolved.  If you call their help line they will do three things in this specific order.  First, reset your modem.  Second, send out a tech to change out the modem.  Third, blame your system.  I find it comical that the third solution somehow proves the issue is my system when everything works fine when not using the Xfinity gateway. I can setup a hotspot anywhere and not have a problem.  I can install a non Xfinity modem to solve the problem, only to have it once again return in a few days.  The problem is with Xfinity. 

Official Employee

 • 

1.1K Messages

7 months ago

 

user_b5m23x Hello! Thank you for sharing the trouble you are having with accessing certain sites, and for taking all the steps you have to try and resolve the issue. I'm sorry that we have not been able to offer a resolution. I know you have work arounds, but it's absurd to have to use them in order to do something as simple as check in for your flight. I would love to help out and help get you to the right team that can investigate this and see if it's a routing issue or something else that is failing. It sounds like you have worked with our frontline teams already, but they have not been able to create a ticket for the right team. I think that our Security Assusrance team would be the right team to contact. Typically if there is an issue that we can't resolve with our normal troubleshooting steps a ticket would be created for a repair team. Since that's not happening you can try to contact the security team directly by phone. Their number and hours are listed here: https://internetsecurity.xfinity.com/help/report-abuse
Out of curiosity do you have the option to hardwire to the modem and test the sites? That would help offer more details as to what could be causing the error

 

19 Messages

@XfinityPaula​ Hardwired has the same issue. 

Official Employee

 • 

1.1K Messages

@user_b5m23x Thank you for testing that as well. I can try to run through some things on my side, most of it will be the basic steps your have taken already, but I can try to create a ticket for us instead of booking the repair appointment. Please send us a direct message with your name and service address. I am happy to dig into this and help find the resolution. 

To send a direct message, please click on the chat icon in the top-right corner of the screen, and select "Xfinity Support" to initiate a live chat. 
Click "Sign In" if necessary
Click the "direct messaging" icon or https://comca.st/3J0ir1l
Click the "New message" (pencil and paper) icon
Type "Xfinity Support" in the "To:" line and select "Xfinity Support" from the drop-down list which appears. The "Xfinity Support" graphic replaces the "To:" line
Type your message in the text area near the bottom of the window
Press Enter to send it

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.tick

2 Messages

I am having this same issue. 

I turned my modem off overnight and got a new ip address and that fixed it for a few days but now the issue came back even on the new ip. 

This is definitely an xfinity issue.

I don't use an xfinity gateway so the xfinity reps insisted that it's my modem/router.

@user_b5m23x if I had to guess it started working when switching to a non xfinity gateway because the gateway forced a new ip address to be assigned but it got blocked a short time later.

Something seems to be up

(edited)

19 Messages

7 months ago

It doesn't matter what modem you use.  The problem will continue to return.  Once you get a new IP address the issue returns usually around day 5, give or take.  Fortunately I live in a community that has an agreement with Xfinity which expedites all problems.  Our community is large enough for the HOA to have negotiated this within the contract.  I am currently at the engineering level of support and they have been unable to locate the issue.  What we may do next is create two internet connections and separate gateways. I will put just two PC's on one, and all the other devices on the other.  We shall see if there happens to be a device that is causing my IP to get flagged.  If both go down then it just continues to provide evidence that the problem is downstream of my router. 

2 Messages

Based on my understanding, This seems to be connected to an akamai web scraping block (for me at least) https://www.akamai.com/newsroom/press-release/akamai-announces-content-protector-to-stop-scraping-attacks

for some reason these sites use akamai for protection and akamai keeps saying that my ip is being used for web scraping.

You can check your ip on their site.

Problem is that xfinity reps are all clueless and anytime you mention ip needing to be renewed by phone or chat they just tell you how to renew your private ip which is useless. 

Not sure why these are called "tech support reps" if they don't understand the basics of how isp and dhcp leases work.

(edited)

5 Messages

FYI, I am seeing the same issue propagating to additional sites every month. I checked my current public IP at akamai and it is not listed as malicious or suspect, yet the behavior continues, so while that doesn't mean Akamai is not at fault for some cases, clearly they are not the only ones. If I had to hypothesize, given my background in networking and cyber, I suspect that there is a complex issue at play here along the possible line of:

1. Xfinity network is used for malicious purposes or someone clones an Xfinity IP address range when mounting an attack

2. Multiple firewall vendors mark the IP addresses as malicious

3. Eventually those IP addresses get recycled to law abiding customers.

4. Those customers are blocked as the IP addresses are still flagged.

If I am correct then Xfinity has a simple engineering problem where they need to intake reports from vendors and pull malicious IP addresses out of circulation until the flags clear.

(edited)

Gold Problem Solver

 • 

26K Messages

7 months ago

... I have been getting Access Denied errors on various websites ...

"Access Denied / You don't have permission" messages are issued by the destination site, not by Comcast. These typically result when a person or a program (malware?) using your Internet service is doing something target servers don't like. You'll probably need to ask the sites admins for help with this.

Please be aware that there are 2 kinds of responses in this Forum: Replies and Comments. When you Comment on a post by scrolling down to "Comment on this post here...", I am notified of your response. But if you select Reply, I am NOT notified and may not be aware of your response.

19 Messages

@BruceW​ nope. I am fully aware of how sites and the web work. So if my statement doesn't mean much to you then three other IT experts should. One of which works at Siemens and does their networking. All including Xfinity have messed with my house. Plus an Android phone does NOT have anything which you mention above. All Android phones that come into my house have the same problem.

(edited)

Visitor

 • 

2 Messages

7 months ago

I am having the same issue with multiple sites and have been doing some testing ipand found that if I use the xfinitywifi instead of the gatewayI can get to all the blocked sites. I'm going to leave it connected for a few days to the xfinitywifi and see if the issue returns.

19 Messages

@Kvotenz​ XfinityWifi doesn't come with your normal subscription.  It is an Add-on.  I don't plan to pay for more just to fix a problem that is related to Xfinity's system. 

Official Employee

 • 

1K Messages

 

user_b5m23x, @Kvotenz , connecting to XFINITYWifi hotspots is a feature of most of our internet service plans. Details here: https://www.xfinity.com/support/articles/xfinity-mobile-wifi-hotspots
 
We do have a separate WiFi service for non-subscribers to home services as well. Details here: https://www.xfinity.com/learn/internet-service/wifi
 
@Kvotenz, what sites are you having trouble with?

 

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.tick

Visitor

 • 

2 Messages

@ XfinityFrank. The websites that I know of so far are:

Kroger.com

Bjs.com 

Jcpenny.com 

Lowes.com 

Homedepot.com 

United.com

Southwest.com

Cabelas.com 

Basspro.com

Official Employee

 • 

1.1K Messages

@Kvotenz, thanks for checking those and letting us know. When you get a chance, can you send us a direct message so we can take a deeper look into it and get is escalated for the thread?

 

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.tick

19 Messages

Test update.  We are now running an Xb6 and an Xb8.  After three days the Xb8 started blocking sites.  The Xb6 is still working fine. Here is one example of a link that gets blocked. 

https://tjmaxx.tjx.com/store/jump/product/Leather-Waterproof-Cap-Toe-Gallivanter-Golf-Shoes/1000862953

Yes in both cases we setup new IP addresses for each line.  They started out working fine, but not now. 

Two of the sites above I am seeing the same problems.  United.com and Southwest.com as well.  I also have problems on the Krispy Kreme and Pizza Hut websites. 

(edited)

Gold Problem Solver

 • 

26K Messages

7 months ago

... We are now running an Xb6 and an Xb8.  After three days the Xb8 started blocking sites ...

When you change from one Xfinity gateway to another, even if both are the same model, your public IP changes. If abusive traffic continues to arrive from the "new" IP, security measures at destination sites will block traffic from it, and the "Access Denied / You don't have permission" messages will resume. Note that Xfinity's gateways don't issue those messages when they block traffic. Those come from the destination sites.

As stated above, something using your Internet service is doing behaving in a way those target servers don't like.

Please be aware that there are 2 kinds of responses in this Forum: Replies and Comments. When you Comment on a post by scrolling down to "Comment on this post here...", I am notified of your response. But if you select Reply, I am NOT notified and may not be aware of your response.

(edited)

19 Messages

@BruceW​ if you read everything above everyone already knows that Access Denied messages come from the site itself. 

Everyone here also knows that two gateways provide two separate IP addresses.  They have to as each have different MAC addresses.  Next, nothing that is on the Xb8 uses either a firewall, VPN or blocker which would trigger a security alert on TJMax website.  The access denied message comes off a standard Android phone that is used by millions.  As such it's impossible for the Android phone to be setting off any type of firewall block.  The only way an Access Denied would occur in this situation is if the IP address was blacklisted. Well, it isn't as already mentioned above.  Please read all the posts when trying to provide valuable input so information isn't duplicated. 

19 Messages

@BruceW​ well well well.  Here is the end result.  After a year of being a major pain in the proverbial arse to Xfinity, and spending hundreds of hours on this issue, they finally admitted that the problem is NOT me.  (You don't say.)  Here is the real problem, and it's actually occurring in a regional area of the Xfinity network.  That includes Georgia, Florida and some other areas.

All the sites that are blocking me (and others) use the same firewall software.  It is actually a very large number of sites. That software is blocking certain IP addresses that are being used by Xfinity.  When you get a new modem and they issue you a new IP address you run the risk of it eventually getting blocked.  The National Escalation Team at Xfinity has seen this problem before and 4 months were required to have the software company make changes to their firewall.  Who knows how long it will happen again.  The NET also created an Incident Ticket to notify Tiers 1 and 2 of the ongoing problem. Thus they can now stop just blaming the end user, which is their normal routine at Xfinity. (Just look up and read through this post.)

So how did I discover this information? It's because I have been a royal pain to the technical support team and their manager.  If I wasn't in an HOA with a community contract I would not have access to these people.  After over year of fighting them they sent a message to the National Escalation Team which contacted me directly to get information on what I was witnessing.  End result was finally getting the Engineering team to find the problem, and now seek a solution. 

It's sad that an end user has to do the job of Xfinity.  They are a bunch of morons. The company owes me BIG TIME but of course probably won't do anything unless I scream and shout, and shout some more.  Comcast has done some stupid things over the years.  It eventually caused me in the 1990's to use AT&T and vow to NEVER use their company.  However I am now forced to do so with our HOA.  I have no other choice except for Satellite or Cellular Networks both of which are SLOW. 

Your welcome Xfinity!

5 Messages

I am in the Pacific Northwest and seeing the same. Do you have any details on this that you could share? 

1 Message

@user_b5m23x​ 

Thanks for all the info. As a technically challenged person what can I do to get some attention from Xfinity.  I have an iPhone, iPad and laptop and cannot access the United Airlines website or app from any of them. I get the same error message, access denied you don’t have permission…I finally was able to access the site on my iPhone when I shut off WiFi.🙄

Gold Problem Solver

 • 

26K Messages

7 months ago

... As such it's impossible for the Android phone to be setting off any type of firewall block ...

If the phone is using your Xfinity Wifi, a site which has blocked your public IP will block all traffic from it, including traffic from an Android phone. If the phone is switched to cell data it will be assigned a new public IP and traffic will (probably) resume.

... The only way an Access Denied would occur in this situation is if the IP address was blacklisted ...

Sites maintain their own internal blacklists, and when your public IP is added to one and you try to reach the site, it responds with "Access Denied / You don't have permission" messages.

And again:

When you Comment on a post by scrolling down to "Comment on this post here...", I am notified of your response. But if you select Reply, I am NOT notified and may not be aware of your response.

(edited)

19 Messages

@BruceW​ Not true.  I can access the site through the same Wifi using any Apple Phone. If they are blocking the IP address then anything going through that router will get blocked.  It doesn't.  Even when Xfinity tech's arrive their iPhones work fine, but there personal Android phones don't.  As mentioned above already I have had a Siemens IT expert, several Xfinity engineers involved, myself (which is highly educated on networks), and another close friend who has done networking for 20 years.  Everyone says the same thing, it appears to be nothing I am running or doing and something with the Xb8 or downstream through Xfinity.  As of now I have switched everything (except Ring and NEST) over to the Xb6.  So far nothing is being blocked.  Only time will tell if it stays that way.  If so...well..????

Oh, and I am hitting reply, that's why the @BruceW is showing up. If you aren't getting notified it's not the reason you indicate above. 

(edited)

5 Messages

6 months ago

I am seriously considering buying my own modem and router to replace the Xfinity device given that the XB7 I have does not allow users to release/request a new IP address. Having my own modem would at least allow me to clone the MAC address from one of my dozens of devices, which should generate a new IP address when rebooted. Fugly workaround but it might be the easiest.

19 Messages

@user_yio4jw​ here is your problem with that.  Your router's MAC address is assigned an IP by the ISP.  Cloning it to another router doesn't change the underlying problem with Akamai.  Once an IP is tagged to a specific MAC address and then flagged for web scraping you will not be able to access sites with firewall algorithms that use the database for which you are flagged. There is absolutely no solution for you other than to have the ISP give you another IP address, or to have your current IP removed from the web scraping database. I have contacted Aklamai for my scenario and they will not make any adjustment without being contacted by Xfinity.  The problem is with Xfinity and they are the only people that can resolve this issue.

As for my problem, it has not been resolved.  The National Escalation Team at Xfinity is still working on my problem and my ticket has not been closed.  The Engineering team should be working on this issue directly with Akamai, but of course I have no access to them.  I am just hoping, waiting and praying at this point.

Visitor

 • 

1 Message

We are in the same boat. Xfinity sent out a tech and changed some things including modem.  Worked for two days but now access denied.  DOES ANYONE HAVE A SOLUTION???   This is so annoying.  

19 Messages

@imrobe​ for my problem nothing has changed yet.  Xfinity has been trying to get Akamai to work with them and resolve this problem since it happens to many of their customers.  As of this moment Akamai doesn't seem to really care about fixing the problem.  All we can hope is that Xfinity decides to be a big enough pain in their arse they finally decide to do something.

(edited)

Frequent Visitor

 • 

9 Messages

5 months ago

This discussion has been enlightening, but I'm not sure it addresses my related problem, which is:

Accessing my Comcast email addresses. On my laptop (MacOS 14.5) I can access all my email accounts via Apple Mail (gmail, iCloud, ATT), except  NOT my Comcast addresses. They are blocked and the message is "Online Status - Temporarily blacklisted IP Address - try again later."

Oddly, I can access those and all email addresses via my iPad and my iPhone (all using the same local LAN as my laptop), but NOT via my laptop which is using the same LAN wirelessly. 

xfinity blames Apple  (and the user) but I think it is more than that based on this discussion.  Any ideas?  Thx.

19 Messages

@Tsmyth2​ Did you check your IP address using both methods?  Most likely only one is being blocked.  You can get blacklisting information online. 

https://whatismyipaddress.com/blacklist-check

Official Employee

 • 

3.8K Messages

Hello @Tsmyth2, thanks for taking the time to reach out to our team on Forums. We value you as a customer and my team is here to support you. I am sorry to hear you're also experiencing issues with your email. My team would be more than happy to further assist you with this.

 

Just for troubleshooting purposes, the only device you're unable to access the Xfinity email on is your Apple laptop, correct? 

 

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.tick

19 Messages

2 months ago

Final update. It appears the escalation department finally got Engineering to work with Akamai to resolve the issue. I am no longer receiving access denied errors on any of the Akamai websites. Let's hope nothing changes. 

forum icon

New to the Community?

Start Here