I've come across this annoyances. Googling does not help. There are people experience similar problem and there is a 'solution' of it. Which is restarting your router.



One thing, i could not replicate the problem to find the root cause on what triggering this problem. But this problem will happened twice or more within a week. My solution is restarting PPPOE connection and this will resolve. Not all sites is returning the access denied. Most sites working fine. These are the sites that give the access denied error

https://www.cimbclicks.com.my/
https://store.steampowered.com/
https://www.playstation.com/
https://www.jbhifi.com.au/

Things that i tried which is NOT working to resolve the issue.

1. Flushing DNS at client level
2. Flushing DNS at router level
3. Change DNS server at client level
4. Change DNS server at router level

5. Tried different browser (pc/laptop/smartphone) all same problem
6. Change router.


Thing i haven't tried is to force traffic on vpn tunnel when the problem happen. I would assume this could resolve the site. I'm expecting there some issue with https traffic that might cause the issue. I do some port forward on port 443 for my ssh connection. That might be the problem, but i have doubts because only these 3 sites that give me problem.

Some DNS test using several DNS resolver. All access denied.

Google DNS:


Cloud Flare:


TM DNS:



I did fiddler capturing the https traffic. There is some problem with the https caching where it is expired. Not an expert about https caching, if anyone can explain why it is expired?




This post has been edited by ruffstuff: Feb 10 2019, 10:14 AM

U need ipv4

Not modem lah

Check whatismyip

If u only got ipv6

U cant access ipv4 website


Keep switch until u got ipv4

what is your originating IP? CIMBclicks specifically is blocking a lot of IP's from outside Malaysia since late December after we highlighted their security issues. This block is on their own servers, so its not a DNS issue. You are reaching CIMBClicks servers, but the server itself is throwing up a forbidden response due to either your originating IP or some other header from your browser that it is rejecting.

@ifourtos i don't think there is any ISP's out there which only gives you IPV6 without IPV4 at this point in time.

It is TM dynamic IP.

[admin@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.1.1/24 192.168.1.0 ether2
1 D 42.191.27.228/32 10.233.33.38 pppoe-out1


When i do reconnect my PPPOE (which is much faster than rebooting router), and been assigned new IP, the problem got resolved. I want to believe the problem is not at ISP level, so im trying to replicate and find how to trigger the access denied thing. I don't think it is application layer issue. Should be somewhere on the transport layer.

*Updated site list.

It could be that these sites is blocking range of IPs for certain period? It looks like it is not only me. So it must be at the ISP/server level.

i got similar problem

cant access your list and this also

asus.com
www.jdsports.my
ikea.com

for now only solution is restart router. After few hour or 1 day got problem back.
already disable ipv6 on router and my pc

any solution?

no solution. Changing ip is the workraound now.

Do you always get 42.191.0.0/16?

I seem to hear a lot of problems for this range of IPs.

I never get 42 on my pppoe so can’t really check.

I havent even seen 42.xxx.xxx.xxx ip range yet. I this range malaysia ips?

I've compiled few IPs that is broken. I'm not sure if the IPs work on certain period or just doesn't work with those websites.
42.191.68.42
42.191.27.228
42.191.90.123
42.191.33.142
42.191.9.11
42.191.49.27
42.191.43.220


Not all 42.191.x.x ips broken. I'm now on 42.191.x.x ips, and it works fine. And the issue seems to be less frequent now. Haven't encounter since few weeks.

Yes, TM owns the range of 42.191.0.0 - 42.191.127.255, so they are currently using it now.

Yea, that's pretty much all 42.191.0.0/16 IP range that is having issues.

This post has been edited by SilentVampire: Mar 24 2019, 10:04 PM

That address space used to belong to Webe. Now TM, of course. But seems like only certain areas will get it. I've never been assigned that before. Usually get 1, 60, 175, etc... but never 42.

I have no problem except jbhifi (access denied), and im almost on 42.xxx.xxx.xxx ip range since late October last year.

p/s: now im on 42.190.xxx.xxx ip range

Jb hifi site block entire geo ips. Can see in the header. You need vpn to access jbhifi.

i got this problem now. using google chrome. access denied to cimbclicks

but if using firefox or edge, no problem.

so its not IP problem, but browser ?

.

This post has been edited by 9876789: Aug 31 2021, 07:07 PM

Hi i found the solution for this problem.

First of all i also got access denied if iwant to access cimbclicks.com.my website. Similar with in the picture on 1st thread. However i can access it via edge and internet explorer i guess it must something wrong with mozilla firefox.

I try to access cimb biz channel . No problem also no problem with cimbclicks.com.sg

So what i did i click cimbclicks.com.my and click on the padlock at the url ( usually for secure https) link it will show padlock.

Then i go to site setting

Then i click clear data and reset permission.

It solved

Thanks for the guide. It works!

Hi,

I had the same problem but clear data and reset permission and reboot router did not work.

What works for me was to clear cache.