Airport Extreme Website block..

I'm joining this thread as I too am seeing similar issues using an AEBS (MB053B/A Model No: A1143). Worked fine for several months, and then I noticed that I could not get Google Maps when connected via the base station. Now I'm seeing the same problem with Youtube.

I've switched the AEBS from Bridge mode to DHCP mode and back, and that seemed to work for a short time, but the problems are back. Restarting the base station and/or my ADSL modem/router appears to make no difference.

Strangely, I can connect to both Youtube and Google Maps using my iPhone via the AEBS provided wireless network without difficulty, so the issue seems to be specific perhaps to certain combinations of AEBS models and Mac models?

Needless to say that if I take the AEBS out of the connection chain everything is working fine. Judging by many previous comments in this thread Apple seems not to recognise this issue and offers no fix for it? Which seems odd as for me this looks to be a critical issue.

Has anyone else succeeded in using the fix suggested by grapejoos on page 6 of this thread (clearing out cache files and rebooting)?

I just hit the same wall when accessing one of the domains I own. How a multibillion dollar company can continue to neglect well established customers for so long is amazing. I'm confident that if the AEBS was stopping people from accessing the App Store, it would be fixed in moments.

For those of you who are having this problem, I thought that I would chime in explain what is going on here. First, and foremost, I'm a network engineer who has seen this issue countless times and, surprisingly, the problem is not what a lot of people think it is (although it may seem like it is the case). I'll try to explain this in laymans terms.

First, the issue isn't necessarily the AEBS, although it is apart of the problem. What is actually happening here is that you are being blocked by the site, not the other way around. Specifically, your IP address is being "banned" by the site in question (in some cases, temporarily, in others, more permanently). Issues like these are hard to diagnose because most people troubleshoot the issue by unplugging their router, plugging their computer straight into the modem, and then realizing that the issue is gone. Likewise, many people take their routers (in this case, AEBS) to Apple, plug it in, and it starts to work as well. So, let's break this into two parts and address the problem first and why it is happening.

The Problem:

As stated above, the issue is happening because of your IP address being banned by the site you are trying to visit. The reason why you are being banned is a combination of a couple of things on both the sites' side and your side, creating a "perfect storm" if you will. From the sites side of the house, around 2008, many linux-based servers started receiving updates that included security products that would detect rapid or repeated connection attempts (products such as fail2ban and csf). When these security products detect rapid connection attempts or repeated failures, they either temporarily or permanently ban the IP address in question. By the end of 2009, many popular web hosting services and control panel companies included these products as well (control panel companies such as CPanel). The problem is that many people do not know that these products are installed on their servers, let alone that they are running (larger entities do, but the smaller shops and individual site owners rarely do). From the user side of the house, around 2008, many browsers started to include HTML5 capabilities through optional software (such as Google Gears). By 2009, most browsers in some way, shape, or form, started to support HTML5 with its ability to do intelligent caching and DB storage in the browser itself. And, this is where we have the problem. Modern day browsers, in an attempt to make our browsing experience better, tend to open multiple connections to servers so that we can browse the site. For sites that have multimedia, photos, tons of links, etc, (such as blogs, video or photo sharing sites, etc) this results in your browser opening hundreds of connections at once. The problem with this is that if the server you are accessing has systems such as csf installed and you attempt to open a ton of threads to the page, the result is that the software mistakenly thinks that you are a security problem and bans your IP address from accessing the site. For most software (such as CSF), the ban is temporary, but increases in time the more you are banned. For other software, the ban could be permanent.

Why Changing Routers or Plugging in Directly Works:

The reason why changing routers, plugging in your computer directly to your modem, or even taking in your router back to Apple works is because the minute you do any of those things, your IP address changes. This is because most ISPs link the IP address that you are given to your MAC address. Once the MAC address changes (you changing routers, plugging in directly, etc), your ISP will give you a new IP address. When you plug back in your original router, your ISP will return the IP address that you previously had (in most cases. Sometimes, it will give you a completely new address again).

Why this issue is more common with the AEBS than other routers:

In general, this issue is more common with the AEBS (along with cheaper routers) is because the AEBS (along with cheaper routers) generally do not contain QoS (quality of service) controls. Now, for those of you who are technical, you may note that QoS's purpose isn't about preventing you from being banned. And, that is true. For those of you who are not technical, QoS is a process by which your internet bandwidth is regulated by your router so that higher priority items (such as a VoIP phone or a video game) can have more bandwidth available to them when multiple devices are trying to access the Internet at the same time. The reasons why routers with QoS do not experience this issue as often (if ever) is because one of the things that they do is rate and thread limiting. Because your throughput rate and threads are distributed more evenly (rather than a free for all), chances are you will not experience the issue since products like csf work by detecting uneven or rapid connections.

Conclusion:

So, in conclusion, 99% of the time, you are being blocked on the other end. To solve the issue, you generally will have to contact the site owner to have your IP address unblocked. If you are using AEBS, the best thing to do would be to disconnect your AEBS from your internet connection for 24 hours and then plug it back in (most ISPs will assign you a new IP if you are offline for 24 hours or more). Also, try to limit the number of tabs that you open to the same site. If you are being blocked by your own site (and, your site uses CPanel, which it likely does), go into your CPanel settings (WHM settings) (from another connection, of course), go to CSF, remove the ban on your IP address, and add it to the exclusion list.

Great post. Many thanks for this. It may well explain many or all of the reported problems. In my case I have a static IP address, so presumably it makes no difference if I'm connected via my AEBS or directly into the ADSL modem? I guess the site sees the same IP address regardless as I'm sitting behind a NATted router.

I have come across this issue on two occasions since I've run an AEBS.

On both occasions I was being blocked from the same site maps.google.co.uk, and on both occasions I seem to have resolved the issue by changing the settings in the AEBS (from Bridge mode to DHCP mode or the other way round), and that appears to solve the problem, although I've no idea why that might fix the problem.

The issue does go away if I take the AEBS out of the connection chain.

Perhaps the packets received by the site include not only the public IP address but also my internal IP address (and MAC address)? If that were the case and the server was blocking me on the basis of both IP addresses your explanation would fit the evidence I'm seeing.

No, the site in question would only see your public address. They would never see your private address. To better determine what the problem is, put your AEBS into normal mode and visit a site that tells you your IP address (search "What's my IP" in Google). Then, put your AEBS into bridged mode and then go back to the same site and see. Report back if when you do that if the IP addresses are the same or different. I do know that some ISPs (here in the US, Verizon FiOS and ATT Uverse come to mind) have the ability to pass the real IP down the chain to the AEBS (i.e. they work in a bridged mode), creating a router-to-router situation. You may be using an ISP that has this turned on (typically, Verizon FiOS and ATT Uverse have this turned off). If your IPs are the same in both cases, then this isn't the case. If they are different, then that would be what is happening.

While Tezgno has a great explanation, I struggle with the fact that I too have this problem. What he says makes sense since the site in question (www.bocafallsweather.com) is constantly being updated by my weather station software and automated FTP software.

But, I never had this problem on my previous router for more than 6 months (Linksys E3000). Once I put the AEBS in, it happened within a week. If I manage to get an new IP address, it fixes for awhile then the problem occurs again.

My site is hosted by IXwebhosting and they have assured me that my IP is not blocked.

This is all very confusing and frsutrating... going to dump my AEBS and get a real router.

As I stated before, this is an issue with the AEBS because it does not do rate limiting. Nearly all Linksys routers do this. This is why you have this happen on the AEBS and not the Linksys routers. Hopefully, in the next release of the AEBS, this will be resolved.

Then as a "Network Engineer", where should I ask my ISP to look to unblock my IP? I have had extensive and escalated communication with them, but they still insist there is no block on their side.

Your ISP isn't the one doing the blocking. It's the site that you are attempting to visit that is blocking you. You would need to talk to the owner of the site in question regarding unblocking your IP.

I apologize, I did not mean my ISP... the conversations I have had are with my Hosting Service (IXwebhosting). Here is their last response, as of a few hours ago:

"We have checked the issue you described and may assure you that there are no blocks against your IP address from our end. The issue must be related to your ISP or router configurations. Please recheck your Internet connection once again and make sure that your site IP is not filtered by your local Firewall/AV soft."

Does your site use CPanel for the control panel?

Yes

Then have your hosting company, first, go into WHM, go to CSF, then remove your IP from the ban list. Second, have them also exclude your IP from CSF so that it does reban you.