Sorry, your request was blocked by our automated security systems

Morning All,

After moving a platform from an on premises development environment to a cloud staging area we are seeing “Sorry, your request was blocked by our automated security systems” (403) messages from the TFL APIs. This happens regardless of providing the authentication key or not.

Is anyone able to provide some information about what factors can lead to the TFL APIs providing 403 responses? I found a post about blank user-agent strings, but that is not the cause in this case.



This has happened a few time

Other than potentially the “not in the UK” part I can’t see that those will be the cause. The UA is already set (as mentioned); the app_id no longer applies and setting the key (or not) makes no difference.

In this case the resource is running in an Azure UK region; so unless TFL are blocking Azure resources (or are miscategorising the Azure IPs) I can’t see why this would be the cause.



It could be that you are sharing an “apparent” IP address with other users, perhaps? Do you know if you are connected via an IP4 or IP6 connection?

It might just be an error, perhaps if you post your IP address @jamesevans might be able to say it’s OK.

Posting an IP won’t be easy as the resource runs using a pool of IPs that Azure assign to PaaS resources in the UK South region.

Hi @james.x.chorlton

We may be able to look at our CDN and try to work out why it’s been blocked.

Do you have a timestamp, request URI and the Cloudflare RayID from the response header?