0

Recently configured Azure AD for an Office365 client, using the same local/internal domain as their external website. (i.e. we are using "domain.com" as the Azure AD/Office365 domain, and also using "domain.com" for website).

Client's local network is connected (site-to-site) via a SonicWall tz300.

When I set the SonicWall to use Azure DNS servers, everything worked as expected except the issue below. For example, I can ping, I can RDP, file shares are properly available, everything resolves over DNS without any issues, etc.

From any machine (a VM on Azure, or a local PC over VPN) the website "domain.com" and/or "www.domain.com" no longer loaded. I quickly discovered this is because we're using the Azure DNS servers so I added an A record for "www" that points to the external website's IP.

This allowed me to successfully access "www.domain.com" and bring up the external website when I browse from an Azure VM without any issue.

The outstanding issue is this: Attempting to access "www.domain.com" from a local PC connected via site-to-site through the SonicWall leads to the following error:

Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Note, pinging "www.domain.com" from both a working Azure VM and a local machine that receives this error resolves the appropriate IP address of the website.

I can't even begin to understand how this is happening and would greatly appreciate any insight. Thanks in advance!

  • 403 is a permission issue. Maybe you could refer to this link Commented Jan 26, 2017 at 5:35
  • Based on my experience, you had better check your *.conf. Commented Jan 26, 2017 at 5:47
  • Thanks Walter! Is there any reason you could see why the issue would be specific only to the VPN connected office network? My thinking was since it seems to work completely fine from any other location, and worked fine at this office prior to DNS being switched to Azure, it must have something to do with the router doing something funky with the traffic. I'll investigate your idea and please let me know if you have further thoughts, I'm really stuck on this one. Commented Jan 26, 2017 at 14:16
  • If this is a network issue, I think your error is a timeout, not 403. Commented Jan 30, 2017 at 2:26
  • Walter thanks again for your assistance. If you were curious of the cause and solution, it's now listed below. Unfortunately I'm not a web dev and the web dev I had at my disposal had no idea how to diagnose such issues. Commented Feb 9, 2017 at 19:29

1 Answer

1

Turns out it was nothing but the .htaccess file in the root directory of the site having the IP address of the office location added such that it blocked all traffic and denied access.

Apparently a WordPress security plugin thought something fishy was going on from the IP and added it to the .htaccess file automatically.

For those of you not heavy into web development or working with websites that have the same issue, check with your web developer and they may be able to help. You will have to connect via SSH or FTP to the root folder of your site, retrieve the .htaccess file, look for your IP and remove any lines that reference it. (I recommend opening .htaccess with Notepad++ as it looks mighty ugly in Notepad.) Then, upload the edited file and replace the original. Ensure you File > Save As ".htaccess" if you have trouble naming the file properly.
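The check described in the answer above can be scripted. This is an added example, not part of the original answer: it lists every active deny rule in an .htaccess file that covers a given client IP, including CIDR ranges and partial addresses that a plain text search for the IP would miss. The page does not show what the plugin wrote, so the two directive forms matched (`Deny from` and `Require not ip`) are assumptions based on standard Apache syntax, and the sample file and addresses are constructed documentation-range placeholders.

```python
import ipaddress
import re

# Apache 2.2 style ("Deny from ...") and 2.4 style ("Require not ip ...").
BLOCK_RE = re.compile(r"^\s*(?:deny\s+from|require\s+not\s+ip)\s+(.+?)\s*$", re.I)

def _network(token):
    """Parse a full IP, CIDR range, or Apache partial address such as '203.0.113'."""
    try:
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        pass
    octets = token.rstrip(".").split(".")
    if 1 <= len(octets) < 4 and all(o.isdigit() and int(o) < 256 for o in octets):
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
    return None  # hostname, "all", env=..., etc.

def find_blocking_lines(htaccess_text, client_ip):
    """Return (line_number, line) for every deny rule that covers client_ip."""
    ip = ipaddress.ip_address(client_ip)
    hits = []
    for number, line in enumerate(htaccess_text.splitlines(), start=1):
        match = BLOCK_RE.match(line)  # commented-out lines never match
        if not match:
            continue
        for token in match.group(1).split():
            net = _network(token)
            if net is not None and net.version == ip.version and ip in net:
                hits.append((number, line.strip()))
                break
    return hits

# Constructed sample .htaccess; addresses are documentation ranges (RFC 5737).
SAMPLE = """\
# BEGIN security plugin (constructed sample)
Order allow,deny
Allow from all
Deny from 198.51.100.7
Deny from 203.0.113.0/24
# Deny from 203.0.113.45
Require not ip 192.0.2
# END security plugin
"""

if __name__ == "__main__":
    for number, line in find_blocking_lines(SAMPLE, "203.0.113.45"):
        print(f"line {number}: {line}")
```

Run it against a downloaded copy of the file with the office's public IP (the address the web server sees, not the internal VPN address).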
