Sorry, your request was blocked by our automated security systems

james.x.chorlton · March 17, 2021, 9:03am

Morning All,

After moving a platform from an on premises development environment to a cloud staging area we are seeing “Sorry, your request was blocked by our automated security systems” (403) messages from the TFL APIs. This happens regardless of providing the authentication key or not.

Is anyone able to provide some information about what factors can lead to the TFL APIs providing 403 responses? I found a post about blank user-agent strings, but that is not the cause in this case.

Thanks

James

briantist · March 17, 2021, 11:07am

This has happened a few time

james.x.chorlton · March 17, 2021, 11:28am

Other than potentially the “not in the UK” part I can’t see that those will be the cause. The UA is already set (as mentioned); the app_id no longer applies and setting the key (or not) makes no difference.

In this case the resource is running in an Azure UK region; so unless TFL are blocking Azure resources (or are miscategorising the Azure IPs) I can’t see why this would be the cause.

Thanks

James

briantist · March 17, 2021, 11:44am

It could be that you are sharing an “apparent” IP address with other users, perhaps? Do you know if you are connected via an IP4 or IP6 connection?

It might just be an error, perhaps if you post your IP address @jamesevans might be able to say it’s OK.

james.x.chorlton · March 17, 2021, 12:13pm

Posting an IP won’t be easy as the resource runs using a pool of IPs that Azure assign to PaaS resources in the UK South region.

jamesevans · March 17, 2021, 12:16pm

Hi @james.x.chorlton

We may be able to look at our CDN and try to work out why it’s been blocked.

Do you have a timestamp, request URI and the Cloudflare RayID from the response header?

Thanks,
James

MarkR1717 · March 5, 2023, 6:20pm

I have the same

Sorry, your request was blocked by our automated security systems
Using Android mobile and chrome.

See attached picture.
Anyone know why?

Thanks
Mark

jamesevans · March 6, 2023, 8:39am

hi @MarkR1717

The URL you’re using doesn’t look right. Can you please advise what you’re trying to access?

Thanks,
James

Tata15 · June 4, 2023, 4:29pm

Same error from my iPad using a Chrome browser and from my android phone using the app. I’m currently in the US and assume the TFL servers don’t like my IP’s origin, but will I be able to log in when I’m in London this week? Would like to check balances on our oyster cards.

briantist · June 4, 2023, 9:55pm

Welcome @Tata15

This is not really the place for the support of httpx://account.tfl.gov.uk/my-account/profile

However, I would suggest you try:

Check you aren’t using a VPN - it’s much better to remote to a UK address using RDC if you can.
Check your aren’t using an AdBlocker and if you are turn it off for “account.tfl.gov.uk”

Also check you’ve not accidentally turned off JavaScript

jamesevans · June 5, 2023, 10:31am

Hi @Tata15 - that will be the issue, access to customer accounts is currently only allowed from within Europe.

There is guidance on this on the advice page for the new multi-factor authentication functionality.

Thanks,
James