Appspot got 403 Forbidden and we can't use our cloud storage

[Олег Искевич]

Hello.

Appspot got ERROR 403 and we can’t use our cloud storage lunimg.appspot.com. My IP-address list - 77.120.117.67, 77.120.117.29. Can you help solve the problem? Thanks!

iskevych@lun-04:~$ wget http://appspot.com

--2015-08-20 06:53:42--  http://appspot.com/

Resolving appspot.com (appspot.com)... 173.194.67.141, 2a00:1450:400c:c05::8d

Connecting to appspot.com (appspot.com)|173.194.67.141|:80... connected.

HTTP request sent, awaiting response... 403 Forbidden

2015-08-20 06:53:42 ERROR 403: Forbidden.

iskevych@lun-04:~$ /sbin/ifconfig

eth0      Link encap:Ethernet  HWaddr 00:40:63:e5:e5:57

          inet addr:77.120.117.67  Bcast:77.120.117.255  Mask:255.255.255.0

          inet6 addr: fe80::240:63ff:fee5:e557/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:33108897 errors:3 dropped:0 overruns:3 frame:0

          TX packets:25379630 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:3283368977 (3.0 GiB)  TX bytes:957967995 (913.5 MiB)

          Interrupt:12 Base address:0xd000

Best regards,

Oleg Iskevych

[Patrice (Cloud Platform Support)]

Hi Oleg,

What are you running to get that error exactly? Because if that comes from a wget to appspot.com, I don't think it's appspot related, since you need to be authenticated when hitting appspot.com. If you go manually to this site, it takes you to your appengine.google.com page, so trying to do a wget directly means you're not authenticated, which would justify the 403.

What exactly are you trying to grab from a wget to appspot.com?

Cheers

[Олег Искевич]

Patrice, thanks for reply!

We using Google Cloud as image storage for our web-projects: www.lun.ua, novostroyki.lun.ua, day.lun.ua.

Example of img url : http://lunimg.appspot.com/daily_ua/425/283/1786510.jpg

This url must availible from any sources without any limits, its critical for us.

But all services of google cloud not availible from network 77.120.117.0/24. It's very critical problem, because all our servers (web-servers, internal services for managers, core of our service wich using google cloud storage) have ip-addresses from this subnet.

I tried open url http://lunimg.appspot.com/daily_ua/425/283/1786510.jpg from 77.120.117.67, 77.120.117.29, 77.120.117.246 and got 403 Forbidden.



wget http://lunimg.appspot.com/daily_ua/425/283/1786510.jpg --2015-08-20 20:58:42-- http://lunimg.appspot.com/daily_ua/425/283/1786510.jpg
Распознаётся lunimg.appspot.com (lunimg.appspot.com)... 173.194.67.141, 2a00:1450:400c:c05::8d
Подключение к lunimg.appspot.com (lunimg.appspot.com)|173.194.67.141|:80... соединение установлено.
HTTP-запрос отправлен. Ожидание ответа... 403 Forbidden
2015-08-20 20:58:43 ОШИБКА 403: Forbidden.


I authenticated and have the same reply from cloud-service. I authenticated and can't upload images in my storage. I cant uploud images from our internal service wich hosting in this subnet... We're losing money every minute, because part of our services not available.

I think this range ip-addresses banned (77.120.117.0/24). But why?

If I using cloud from other source - everything is OK!

Cat you help us? Can you unblock subnet of our servers (77.120.117.0/24)

Thanks.

p.s. Sorry, my english is not perfect )))

четверг, 20 августа 2015 г., 23:20:01 UTC+3 пользователь Patrice (Cloud Platform Support) написал:

[Patrice (Cloud Platform Support)]

Hi Oleg,

Thank you for the quick and thorough reply (and no worries about your English, I get the meaning of what you're asking and it's the important part).

I will be looking into this internally to try and determine what is happening. I should be able to update you before the end of next Monday (unless I make enough progress today to give you something).

In the meantime, if this is really mission-critical for you and you're losing money from this, there is one small clarification I need to make: while I will be more than happy to do my best to get you through, there is no estimation to how long this is going to take (I will obviously try to get you up and running as fast as possible, but there is nothing contractual to this). Since this seems to be time-sensitive, you can always sign up for a support package and get your issue treated as a support case, which will give it more traction. Just offering this as an alternative if your issue is that time sensitive. Again, I should have more information before the end of the day Monday, so it's up to you. You can look into the different packaged here.

Cheers!

[Patrice (Cloud Platform Support)]

Hi again Oleg,

Looking more in depth in your issue, I decided to file a request with the back-end team to see if we can get you unblocked. I have no ETA on the request though, but rest assured we are looking into it.

Cheers!

[Олег Искевич]

Patrice, hello.

Thanks for help! Do you have some feetback from back-end team? Can you ask about this subnet? Why this subnet blocked?

суббота, 22 августа 2015 г., 0:58:50 UTC+3 пользователь Patrice (Cloud Platform Support) написал:

[Patrice (Cloud Platform Support)]

Hi Oleg,

I don't know exactly what is happening to be honest. All I know is that, looking into it, I can't find any reason why it would have been blocked, and I sent up a request to have it investigated to make sure what should be the status here, and change whatever needs to be done internally.

I have no news on this yet. I can't even promise an ETA, since this investigation could get lengthy, depending on why the IP was in a blocked state.

Cheers

[Олег Искевич]

Partice, thanks.

Maybe is it US sanctions http://www.treasury.gov/resource-center/sanctions/Programs/Documents/ukraine_eo4.pdf ? But 77.120.117.0/24 - it's subnet of Kiev region, not Crimea. It's data-center in Kiev. But Google engineers could make a mistake.

среда, 26 августа 2015 г., 16:55:33 UTC+3 пользователь Patrice (Cloud Platform Support) написал: