Closed Bug 1762650 Opened 4 years ago Closed 3 years ago

Unable to access donate.mozilla.org page on Mozilla VPN

Categories

(Infrastructure & Operations :: SRE, defect)

Product:
Infrastructure & Operations
Component:
SRE
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: chris+bugzilla.mozilla.org-UZL, Assigned: baku)

Details

Attachments

(1 file)

Screenshot
124.96 KB, image/png
Details
Attached image Screenshot

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Steps to reproduce:

Navigate to https://donate.mozilla.org/

Actual results:

I see:

403 ERROR
The request could not be satisfied.
Request blocked. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
Request ID: jmIZK8dN_EUTxS-l9BP2y0vVCAPHEV5IuV-yw8slx7N9zF0ABU9zwg==

Expected results:

I should see the donate.mozilla.org website.

Additional Info:
Mozilla VPN: 2.7.0 (2.202201250329)
Server: New York City
Browser: Chrome v100
Device: Macbook Pro running MacOS Monterey v12.2.1
DNS: 1.1.1.1 (CloudFlare)

I also have this problem.

OS: Fedora Kinoite 36.20220810.0
Mozilla VPN: 2.8.4~rc95
Server: Ashburn -> Atlanta
Browser: Firefox 103.0.1
Request ID: 1G6aCTqAqBjA_Wv9SFopZovaXvbjroM1xq453ydIHas6Bf6XbytGsQ==

Assignee: nobody → amarchesini
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Thank you for reporting this. It's reproducible on my end as well, with the Mozilla VPN as well as Outline, so I believe it's an origin problem rather than a specific VPN issue. Baku, do you think we could reassign to the Mozilla folks in charge of web servers?

Jbuck, do you think SRE is the right component for a CloudFront issue?

Component: General → SRE
Flags: needinfo?(jbuckley)
Product: Mozilla VPN → Infrastructure & Operations
Version: unspecified → ---

I suspect that Cloud Armor is blocking known VPN server IP's. ni? :jenc for more info

Flags: needinfo?(jbuckley) → needinfo?(jenc)

Yes, this is Cloudfront WAF blocking known VPN servers. We are aware of the issue with the donate WAF and working on a fix that will more gracefully handle VPN traffic than just sending back a 403 Forbidden.
amarchesini@mozilla.com - I can provide more detail to Mozilla employees through internal channels.

Flags: needinfo?(jenc)

This issue is now fixed.

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: