Topic: "Access Denied" (403) when trying to post text

Posted under Site Bug Reports & Feature Requests

Donovan DMC

Former Staff

If you're using something like tor, don't
Else, we can't really help you much without what the actual content of the error page is

donovan_dmc said:
If you're using something like tor, don't

Why? I've never used e6 without Tor.
What's the reason from a technical standpoint why we shouldn't use Tor (or any other anonymizing service/system)?

I came here to report the same problem.
Logging in is no problem and until recently I could upload new posts and edit tags. Either without problems or with a Ctrl+F5

Since at least a few days ago neither is possible any more.

EDIT#1
Posting the previous text failed initially but Ctrl+F5 and telling FireFox/TorBrowser to re-send the data helped. I assume the same will happen when adding "EDIT#1".

kalider said:
Why? I've never used e6 without Tor.
What's the reason from a technical standpoint why we shouldn't use Tor (or any other anonymizing service/system)?

A fairly straightforward one.
Both Tor and VPNs have been used by malicious users to break site rules. That mainly comes down to posting illegal content, spam, and repeated ban evasion attempts.
As a result, a number of VPN IPs and Tor exit nodes have been blocked.

You can still use them if you want to. I certainly do.
It's just that it comes with the understanding that you might run into issues like this.

cinder said:
As a result, a number of VPN IPs and Tor exit nodes have been blocked.

That's exactly the point: If they are blocked I guess I'm right to assume the blocking happens on a network/TCP/IP/firewall/iptables level?
But that doesn't "scan" with me and the OP still being able to use the site and do some stuff bot not other stuff (without switching exit nodes / tor circuits / VPNs).

From my observations my guess would be that some type of HTTP request (POST?) fails initially with an "access denied" but works with re-sending the request data.
And at the same time the other type (GET?) never works.

I've not yet looked into the actual server/client conversation - will do so later - but at least for me uploading new images or editing tags doesn't work at all anymore (because on Ctrl+F5 FiFo doesn't ask me to resend data -> I assume the upload/edit post page was modified some time between my last tags-edit and now).

kalider said:
That's exactly the point: If they are blocked I guess I'm right to assume the blocking happens on a network/TCP/IP/firewall/iptables level?
But that doesn't "scan" with me and the OP still being able to use the site and do some stuff bot not other stuff (without switching exit nodes / tor circuits / VPNs).

I don't work for or volunteer for e621.

e621 is known to use Cloudflare, which as I understand it, sits "in front of" e621's actual server(s), and works as a proxy for incoming connections. (nslookup e621.net and then whois the IP addresses, on a box near you, to see this.) This is most noticeable when e621 is the target of a DoS attack; interactive users will occasionally get a Cloudflare page that asks them to solve a CAPTCHA before forwarding them to the e621 page the user originally requested. In that condition, e621 API users sometimes complain that e621 "isn't working"; Cloudflare is also issuing CAPTCHAs to API users, but a non-interactive connection doesn't have any way to solve the CAPTCHA.

I think that one of the services Cloudflare offers is "rate limiting of potentially dodgy clients/IPs". In other words, rather than just totally blocking (say) a Tor exit node, Cloudflare might let every 3rd or 5th or 10th request from that IP go through. I also think that the e621 admins have a little bit of control over how many connections Cloudflare lets through, but Cloudflare has a certain amount of freedom to make its own decisions.

Again, I don't have any direct knowledge of how this works. This is just based on my own observations.

For me, a workaround when editing tags or submitting forms is, after e621 responds with an "Access Denied" page, pressing ctrl+shift+L (new Tor circuit for this site) and resubmitting the request. It seems that allows one request through, or perhaps multiple, for a short time.

  • 1