Has the IP filtering changed on circleci.com and app.circleci.com?

Hey folks, long time no post…

I am logging in from 213.152.*.* and am getting 403 on some internal CircleCI page endpoints. The app is reporting 500 error, but it looks like it is actually 403 internally. This is stopping me using the app entirely. I’m using a VPN, but this has never been a problem before, not in my many years of using Circle.

My builds are reported as working in Bitbucket, but I can’t watch them or debug them in Circle. If a VPN is now to be a problem, I can change probably change exit country, but I’d sooner the platform was VPN-friendly. Has there been an infra change in this regard?

Update

I am now trying 217.151.*.* and I am getting the same. Could someone advise that this is a temporary situation?

Update 2

Ooh, interesting: I am getting this error on this internal URL:

Response body is not available to scripts (Reason: CORS Missing Allow Origin)

This is in Firefox 113 on Linux Mint.

Update 3

The app seems to work fine on Chromium. So my theory about the firewall is likely wrong, but there still seems to be a recent breaking change.

(I’ve updated the title to reflect the likely cause of this issue.)

Update 4

I think my initial suspicion was correct; my IP seems to be being aggressively filtered.

OK, and we’re back up and running in Firefox. Update pushed?

Ah, I don’t think this is solved. Chromium seems to do OK for a bit, then I get a 403 or a 500. Clearing cookies and signing in again via Bitbucket seems to solve it temporarily, but it will start to fail again within an hour or two.

I do think some IP range filtering is being applied, but probably by the edge provider, rather than CircleCI’s systems.