I am getting inconsistent HTTP 403 Forbidden results when requesting images embedded on a webpage. This is happening more frequently in FireFox, but occasionally also happens in Chrome. This website has been used for many years and this just popped up a few weeks ago. I control both the website and the server and am not sure of how to troubleshoot this issue. When I refresh the page it seems to be a different combination of resources that causes the issue.
Response:
HTTP/1.1 403 Forbidden
Server: Microsoft-IIS/8.5
X-UA-Compatible: IE=Edge
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000; includeSubDomains;
P3P: Our site does not have a P3P Policy, please see our privacy policy for more information.
Date: Fri, 15 Apr 2022 17:34:15 GMT
Content-Length: 0
Request:
GET /bonds/images/exclamation.png HTTP/1.1
Host: <Redacted>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: <Redacted>
Cookie: <Redacted>
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Mon, 04 Apr 2022 20:03:08 GMT
Cache-Control: max-age=0
In this case, it appears the issue was being caused by the dynamic IP restrictions limit, and increasing the max concurrent requests solved the issue.