Some clients are unable to access our backend via a specific ISP. We’re trying to narrow down where the issue is.
What steps have you taken to resolve the issue?
Right now we mostly try to check our pfSense and HAProxy settings, but this seems OK as far as we can tell. We have about 1,000 users and only 2 people with the same ISP have shown this issue. We’ve also made a copy of our front end and set up access using Cloudflare Pages to check if this issue was between the ISP and Cloudflare or between Cloudflare and us. Both clients are able to access this front end, but if they try to use ours (hosted locally) they’re unable to reach our servers (ERR_CONNECTION_TIMED_OUT).
I’m trying to figure out more ways to check if there’s something we can do with Cloudflare while trying to contact the ISP.
What are the steps to reproduce the issue?
Use ISP: Brisanet/Brazil, then try to access tractb2b.com.br
The screen is not actually a 403.
It means the ISP is likely blocking the domain (intentionally or not).
From the screen it seems that the requests are not even hitting Cloudflare, so probably the block is being accomplished by not resolving the hostname.
Try and change your DNS to Cloudflare’s 1.1.1.1, Google’s 8.8.8.8 or OpenDNS’s 208.67.222.222 and see if you can browse to it then. If you can, contact your ISP and inform them of the issue or inquire why they are blocking your website.
Thank you for the reply. We’re using Google’s DNS in our firewall. One of our technicians was able to talk with one of our clients and do some tests with both Cloudflare’s and Google’s DNS on the client’s side, and they were still unable to reach our site. Meanwhile we’re trying to get in contact with the ISP in question and check if they’re blocking us for some reason.
Have them check if the DNS was indeed applied as they still might be inadvertently using the ISP one:
They can also try installing WARP and see if they can browse to the website then:
I’m suggesting this not as a method to fix the issue, but simply to test, so we can figure out where the problem lies.
EDIT: WARP has 2 modes, a VPN and a DNS-only mode, so it can either apply Cloudflare DNS system-wide or tunnel traffic completely.
If the ISP is blocking alternative DNS, the tunnel mode should still work and the page should load.
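The DNS checks suggested in this thread, written out as an added example that is not part of the original posts: it queries each public resolver named above directly over UDP/53 and compares that with what the operating system's configured resolver returns. The function names are hypothetical, and the sketch assumes IPv4 and plain UDP only.

```python
import socket, struct

RESOLVERS = ("1.1.1.1", "8.8.8.8", "208.67.222.222")  # the resolvers named in the thread

def build_query(name, txid=0x1234):  # encode a recursive A/IN question for `name`
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return struct.pack(">6H", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">2H", 1, 1)

def _skip_name(msg, off):  # offset just past a name, which may end in a compression pointer
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return (rcode, [IPv4 addresses]) from a raw DNS response."""
    _, flags, qd, an = struct.unpack(">4H", msg[:8])
    off, ips = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4           # QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">2HIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:            # A record; CNAME records are skipped
            ips.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0xF, ips

def query(resolver, name, timeout=3.0):
    """Ask one resolver directly over UDP/53, bypassing the OS DNS settings."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (resolver, 53))
            return parse_a_records(s.recvfrom(4096)[0])[1]
        except (OSError, struct.error, IndexError):  # no reply, or a malformed one
            return None                              # (reply txid is not checked here)

def diagnose(system_ips, direct):  # `direct` maps resolver -> IP list, or None if no usable reply
    if all(v is None for v in direct.values()):
        return "public resolvers unreachable: DNS to them is blocked or the host is offline"
    return ("OS resolver returns an address: the fault is after DNS" if system_ips
            else "OS resolver returns no address while public resolvers reply")

def compare(host):  # run both lookups; returns (direct, system_ips, verdict)
    direct = {r: query(r, host) for r in RESOLVERS}
    try:
        system_ips = sorted({a[4][0] for a in socket.getaddrinfo(host, 443, socket.AF_INET)})
    except socket.gaierror:
        system_ips = []
    return direct, system_ips, diagnose(system_ips, direct)
```

Calling `compare("tractb2b.com.br")` on the affected client prints nothing by itself; inspect the returned tuple. A reply from `query()` only shows that something answered on UDP/53 at that address, so a network that transparently redirects port 53 would look the same.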