Resolving 403 “not allowed” errors caused by IP allow list misconfiguration
A 403 “Not allowed” error occurs when a request is blocked due to an IP allow list restriction. To fix the issue, update the allow list configuration. Verifying and aligning the external IP address with the configured allow list should also restore the access.
Description description
Environment:
- Adobe Experience Manager as a Cloud Service (AEMaaCS)
- Cloud-based environments with IP allow list restrictions
- Author, Publish, or Preview services
Issue/Symptoms:
- Error message: 403 Not allowed. Not allowed.
- Trace ID is displayed on the error page
- Access is denied immediately when loading the environment URL
- Access issues occur after VPN or network routing changes
- Some users can access the environment while others cannot
Root cause:
When an IP allow list is applied, only the IP addresses explicitly included are permitted access. All other IP addresses are denied, resulting in a 403 error when a mismatch occurs.
How to confirm
- Identify your external IP address using an online IP lookup tool
- Check whether an IP allow list is applied to the environment
- Verify that your IP address falls within a configured range
- Confirm the allow list is applied to the correct service
Resolution resolution
To fix the issue:
- Identify your current external IP address using a trusted IP lookup service.
- Review the IP allow lists applied to the affected environment.
- Ensure your IP is included in the allow list range; add or update it if necessary.
- Apply the updated allow list to the correct service (Author, Publish, or Preview).
- Retry accessing the environment and confirm the login page loads successfully.
Related reading
recommendation-more-help
experience-cloud-kcs-help-kbarticles