I've come across this annoyances. Googling does not help. There are people experience similar problem and there is a 'solution' of it. Which is restarting your router.



One thing, i could not replicate the problem to find the root cause on what triggering this problem. But this problem will happened twice or more within a week. My solution is restarting PPPOE connection and this will resolve. Not all sites is returning the access denied. Most sites working fine. These are the sites that give the access denied error

https://www.cimbclicks.com.my/
https://store.steampowered.com/
https://www.playstation.com/
https://www.jbhifi.com.au/

Things that i tried which is NOT working to resolve the issue.

1. Flushing DNS at client level
2. Flushing DNS at router level
3. Change DNS server at client level
4. Change DNS server at router level

5. Tried different browser (pc/laptop/smartphone) all same problem
6. Change router.


Thing i haven't tried is to force traffic on vpn tunnel when the problem happen. I would assume this could resolve the site. I'm expecting there some issue with https traffic that might cause the issue. I do some port forward on port 443 for my ssh connection. That might be the problem, but i have doubts because only these 3 sites that give me problem.

Some DNS test using several DNS resolver. All access denied.

Google DNS:


Cloud Flare:


TM DNS:



I did fiddler capturing the https traffic. There is some problem with the https caching where it is expired. Not an expert about https caching, if anyone can explain why it is expired?




This post has been edited by ruffstuff: Feb 10 2019, 10:14 AM

It is TM dynamic IP.

[admin@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.1.1/24 192.168.1.0 ether2
1 D 42.191.27.228/32 10.233.33.38 pppoe-out1


When i do reconnect my PPPOE (which is much faster than rebooting router), and been assigned new IP, the problem got resolved. I want to believe the problem is not at ISP level, so im trying to replicate and find how to trigger the access denied thing. I don't think it is application layer issue. Should be somewhere on the transport layer.

*Updated site list.

It could be that these sites is blocking range of IPs for certain period? It looks like it is not only me. So it must be at the ISP/server level.

no solution. Changing ip is the workraound now.

I've compiled few IPs that is broken. I'm not sure if the IPs work on certain period or just doesn't work with those websites.
42.191.68.42
42.191.27.228
42.191.90.123
42.191.33.142
42.191.9.11
42.191.49.27
42.191.43.220


Not all 42.191.x.x ips broken. I'm now on 42.191.x.x ips, and it works fine. And the issue seems to be less frequent now. Haven't encounter since few weeks.

Jb hifi site block entire geo ips. Can see in the header. You need vpn to access jbhifi.