Bug - access to cloud.gov environments blocked by VPN

[jtimpe]

Thank you for taking the time to let us know about the issue you found. The basic rule for bug reporting is that
something isn't working the way one would expect it to work. Please provide us with the information requested
below and we will look at it as soon as we are able.

Description

Raft has mandated VPN usage on company laptops, it appears that usage of the VPN occasionally blocks access to our development environments deployed in cloud.gov. A 403 error is returned and the following appears in the frontend logs

[error] 115#0: *15 access forbidden by rule, client: 2a09:bac0:1001:347::281:4d, server: , request: "GET / HTTP/1.1", host: "tdp-frontend-raft.app.cloud.gov"

Action Taken

In what way were you interacting with the application when you discovered the issue? Please be specific. Did it happen after you made a selection or clicked a button? Which page and which button? This information really helps us get to the bottom of an issue more quickly

• Attempted to access tdp-frontend-raft.app.cloud.gov

What I expected to see

Please provide a short description of what you expected to see

• The homepage

What I did see

Please provide a short description of what you did see. Screenshots are helpful, but please block out any personally identifying information before posting.

• An HTTP 403 error returned by nginx

Other Helpful Information

• The following IPv6 addresses are blocked

  2a09:bac0:1001:347::2dc:10
  2a09:bac0:1001:347::281:4d
  

• according to whatismyipaddress, the vpn is routing to New York, which should be encompassed in our nginx allow-list.
  

• Turning off the VPN allows access to the site as expected

• It may be possible to exclude some domains from the VPN - do we need organizational support/permission?