Web site not accessible with VPN

If they see this thread, I hope they will STOP BLOCKING VPNs on their website. :wink:

1 Like

I will send them the link by e-mail. I was never on their web site, only phone and email. What is the problem with their web site? I see it fine now.

1 Like

Maybe they’re not blocking all VPNs, only some. I get a 403 error.

I’m not in Germany, but I was just curious about what they offer, so I tried to visit the site.

2 Likes

This is from a server in the Czech Republic:

$ lynx -dump www.handyklinikottobrunn.de
   #[1]Handyklinik Ottobrunn » Feed [2]Handyklinik Ottobrunn »
   Kommentar-Feed [3]alternate [4]alternate [5]alternate

     * [6]Handyklinik Ottobrunn
     * [7]Jetzt Reparieren
     * [8]Recycling
     * [9]WERTGARANITIE
     * [10]Kontakt

I will try it tomorrow from a server in US.

1 Like

There may be two separate questions:

  • Are they actually blocking VPNs? (which may only be achievable by knowing all the IP addresses of all the major VPN providers)
  • Are they geoblocking? (which may only be achievable by knowing the country associated with every IP address)

… not that there would be much reason for doing either for a business of this nature.

Hence a third question … are they actually blocking anything?

FWIW, their web site works from sunny Australia (without VPN) - as near as I can tell given that my knowledge of German is limited.

Is it possible that their web site is interacting adversely with your PiHole implementation?

Did you confirm definitively that VPN is the problem by disabling your VPN and accessing the web site? (if that is something that you are willing to do)

Also, I see that the original domain given www.handyklinikottobrunn.de redirects (301) to handyklinikottobrunn.de when accessed via https - so that could interact with browser behaviour, including hence which browser you used, what configuration it has and what extensions if any you have installed for that browser.

Certificate validation can be different between two users.

IPv4 v. IPv6 can be an issue. For me, the domain name resolved giving multiple of each but I’m temporarily not dual stack (yeah, don’t ask) so only IPv4 is going to work and IPv4 is definitely what was selected.

Finally, the odd 403 can just be a temporary flapup at their end. Are you still getting it?

2 Likes

PS It looks as if they are using Cloudflare (presumably for a CDN although I wouldn’t have thought they would have the volume to need a CDN). So that adds another dimension … the shop itself may not care about any of this but the behaviour may be being introduced by Cloudflare.

3 Likes

Is all this (VPN, …) so important? If you need their service just drop them a mail or place a phone call.

1 Like

Maybe the proportion of VPN users among Librem 5 users is higher than among the general population.

3 Likes

I have tried with two different VPNs I subscribe to, also trying several different countries’ exit servers, and I could see no problem accessing their site. But I have Cloudflare permanently blocked by NoScript, so it is bypassed (and as @irvinewade mentioned, this might be the problem).
BTW, the site will even display fine in static HTML (meaning no JavaScript allowed to execute).

1 Like

I was only making a casual observation, and not really looking to troubleshoot this, as I don’t really need to use the site myself, but…

No. When connected to my VPN service, I choose to use the service’s OpenNIC DNS, and doing so bypasses Pi-hole. However, I do have their DNS filtering enabled, and have loaded some of the same public blocklists in my account.

But NoScript, Privacy Badger, and uBlockOrigin show no third-party scripts running on that website anyway, so unless a blocklist treats https://www.handyklinikottobrunn.de/ as a malicious connection, I don’t see what it could interfere with.

I would never drop my VPN connection just to see if a random website would work, unless I really, really, really needed to interact with the site.

Interesting. Searching for the business by name on Startpage finds the url without www, but navigating to it from the search results still gives: “403 - Forbidden - Access to this resource on the server is denied!”

I’m running fully-updated LibreWolf on Linux Mint. I imagine it’s working correctly. :man_shrugging: ?

I, too, only have IPv4 enabled.

Yes. I’ve tried from various U.S. servers. But interestingly, using AirVPN’s tool to check for blocked routes to handyklinikottobrunn.de shows generally successful connections (including the one I’m on now, which is actually getting the 403).

I have Cloudflare permanently allowed in this browser, because I often need it for the “Please verify you’re a human” checkbox. (I don’t enable Cloudflare’s analytics scripts by default, though.)

I personally don’t need their service; I was only mildly curious. But if I were, I would want to check their website first, and I absolutely don’t browse without a VPN. :wink:

1 Like

@irvinewade
And typically, in that situation, a website doesn’t display a “banned” message, only something like “Please enable javascript,” if it displays anything at all. In my experience, at least.

1 Like

Interesting comment. You are hinting that people blocking Cloudflare are getting flagged for reCaptcha?
Please develop - I would like to know more, because I don’t really have this impression myself when browsing although I block Cloudflare everywhere.

1 Like

I have the same experience.
Default for Cloudflare scripting is ‘off’.
I need to set it to ‘on’ for answering the ‘I’m no robot’ nag screen. This behaviour is not the same for every website I visit. I guess it depends on how an admin has implemented Cloudflare.

1 Like

Not at all. I think there must be something about my privacy setup+particular VPN provider’s routing protocols that flags it.

Typically, I land on a random site and, if necessary (i.e. to make content show), then enable the main site’s script (in NoScript settings). If Cloudflare happens to be handling the site’s “security,” and if I then enable the main Cloudflare script (or if I’ve already enabled it globally) in NoScript, then the “I’m not a robot” checkbox is activated, and I can click it to proceed. If I don’t enable Cloudflare, then I just get an endlessly spinning wheel where the checkbox should be.

Sometimes, but not always, I see that spinning wheel upon landing on the site before I’ve enabled the site’s main script.

In any case, Cloudflare’s checkbox is infinitely preferable to Google’s reCAPTCHA, for obvious reasons.

P.S. Many websites hit me with “Access denied” without offering a bypass at all.

2 Likes

Yes. A “polite” web site that relies on Javascript will use the <noscript> tag to give the user a heads-up that the web site ain’t gonna work for you. There is no obligation on a web site to use that tag.

In full generality, losing random pieces of Javascript (code!) by virtue of blocking specific sites or Javascript in toto could result in an error that is quite diverse.

I concede that at this stage we simply don’t know why you are getting that error.

Looking online … does the 403 error have Cloudflare branding or is it a vanilla browser error? Are you in a position to post a screenshot of the error (suitably cropped as needed)?

(The point of the question is that Cloudflare is effectively an HTTP front end, and so HTTP is running both on the myriad Cloudflare servers and on the origin server - and a 403 could arise on either server.)

Are you accessing via https: or http: ? (When I did it successfully, both from Oz not via VPN and from overseas - not in Germany - from a VPS, I used a URL with https:.)

1 Like

Pandora does not allow me to log in to my Pandora account while I am using VPN. I keep four wifi hotspots running at home all the time. Two of them are regular password protected hotspots. One is TOR and one is VPN. So when I want to listen to Pandora, I switch from the VPN hotspot to an unencrypted hotspot. I assumed that when on one of the VPN or TOR connections, that no one could correlate my anonymous person as the same person who they see when I have no encryption. Is this correct? Do my unencrypted connections compromise security on my VPN networks?

1 Like

That was kinda my question. How should we consider Cloudflare? Surely not nearly as bad as G, but how bad anyway?
Toothache or cancer?

1 Like

That may be geofencing at work. Speculatively speaking, a company that gains a licence to distribute copyrighted works may only have a licence to do so within certain geographical regions. So, if your VPN server endpoint is in a different country, it could be expected behaviour - or even if your VPN is in the same country if they just attempt to block all VPNs.

2 Likes

No, just a white page with the exact message I indicated previously. No mention of Cloudflare, either on the page, or in NoScript, Privacy Badger, or uBo.

https:

More like banging your toe against something. At least it doesn’t require “slave labor” to get past it, unlike reCAPTCHA.

Many streaming services explicitly prohibit connecting through VPN and allegedly block known VPNs’ IP ranges, usually due to licensing restrictions, as @irvinewade said. Netflix is a prime example.

Well, if you’re logged into any accounts as you move from one hotspot to another, those entities will be able to connect the dots. Possibly also if you have some non-account activity moving across them, e.g. an open website, or other online service. If entities are smart enough, and motivated enough (Hello, Google analytics, Doubleclick, and Meta!), then their scripts could probably correlate data about your device by targeted fingerprinting.

I block scripts like those universally in order to prevent direct data exploitation, at the possible expense of being more easily fingerprinted, even behind a VPN.

(By the way, Pandora is owned by SiriusXM.)

2 Likes

Then I think that Cloudflare would claim that the error is coming from the origin server i.e. the fault is with the underlying store and its web server - and that Cloudflare itself is accepting the request. I imagine that when Cloudflare forwards the HTTP request to the origin server, it preserves information about the original source (you / your VPN IP address). I don’t have either the access or the expertise to say for sure what is going on.

2 Likes
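
The question the thread ends on, whether a 403 arises at Cloudflare or at the origin server behind it, can be narrowed down from the response itself. The following is an added example, not code from any poster; it assumes that responses proxied by Cloudflare carry `Server: cloudflare` or `CF-RAY`, that challenge pages carry `cf-mitigated: challenge`, and that Cloudflare's own block pages are branded in the body. All sample responses, including their header values, are constructed.

```python
# Added example: classify where a 403 most likely came from. The header names are
# Cloudflare's; treating them as decisive is this example's assumption.

def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def classify_403(raw: str) -> str:
    status, headers, body = parse_response(raw)
    if status != 403:
        return "not-403"
    proxied = headers.get("server", "").lower() == "cloudflare" or "cf-ray" in headers
    if not proxied:
        return "origin-direct"        # no CDN in the response path
    if headers.get("cf-mitigated", "").lower() == "challenge":
        return "edge-challenge"       # Cloudflare challenge page (needs its script)
    if "cloudflare" in body.lower():
        return "edge-block"           # Cloudflare-branded block page
    return "origin-via-proxy"         # unbranded 403 relayed from the origin

def _resp(status, headers, body):
    lines = [f"HTTP/1.1 {status}"] + [f"{k}: {v}" for k, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n" + body

CF = [("Server", "cloudflare"), ("CF-RAY", "0000000000000000-FRA")]  # constructed
SAMPLES = {
    # Body text as quoted in the thread; the headers around it are constructed.
    "plain_page": _resp("403 Forbidden", CF,
        "403 - Forbidden - Access to this resource on the server is denied!"),
    "challenge": _resp("403 Forbidden", CF + [("cf-mitigated", "challenge")],
        "<title>Just a moment...</title>"),
    "branded_block": _resp("403 Forbidden", CF,
        "<h1>Access denied</h1><p>Performance &amp; security by Cloudflare</p>"),
    "no_cdn": _resp("403 Forbidden", [("Server", "nginx")], "Forbidden"),
    "ok": _resp("200 OK", CF, "<html>Handyklinik Ottobrunn</html>"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} -> {classify_403(raw)}")
```

A real response can be captured for the same check with `curl -si <url>`, sent over the same VPN exit that produces the 403.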