Processes Home

How to fix “Access Denied – GoDaddy Website Firewall” errors

Published On: December 13, 2022/Last Updated March 8, 2023

You may occasionally receive a technical clarification where the vendor is receiving an error that reads “Access Denied – GoDaddy Website Firewall”. This error means that the customer has added an extra layer of security to their website via the GoDaddy Website Security (Sucuri) Firewall. This is a valuable tool but can prevent vendors from accessing the site.  To resolve this issue we are going to make sure vendor VPN IP addresses are whitelisted in the customer’s Website Security account.

In this screenshot we can see the vendor builder is connected to their employer-provided VPN and the IP address provided by that VPN is still being blocked by the GoDaddy Website Firewall. This indicates the IP address needs to be whitelisted within the customer’s GoDaddy Security account.

Vendor Requirements

When a vendor builder receives this error, their first response should be the search the error on Style Guide, which should lead them to this article. If the vendor builder has followed that article correctly, they should have already tried connecting via VPN. If they’re still getting blocked this means that the vendor VPN IP addresses have not been whitelisted for this customer yet. Due to this, the technical clarification must meet the following criteria and if it does not the ticket should be immediately returned as “Troubleshooting Missed”:

  1. The vendor MUST provide a screenshot of the full error message similar to the screenshot above
  2. The IP address from the screenshot MUST match one of the approved vendor VPN addresses. If the screenshot does not match one of those IP addresses we cannot verify that the vendor is being blocked while connected to the approved VPN. As seen in the screenshot above, if the vendor is properly connected to their VPN then the blocked IP address will match their VPN IP.

Tips:

  • If returning as “Troubleshooting Missed” please be sure to provide the link to the article explaining the missed steps.
  • If the vendor claims to have connected via VPN but their IP address did not match any of our approved IP addresses you may also reply with the list of approved IP addresses for their vendor only.
  • If the vendor is connected to their VPN but their external IP address is not matching an approved IP address they may have misconfigured their VPN. Please confirm that the VPN IP addresses have been whitelisted and you can send a response using this template:

    You will need to connect from the whitelisted IP address in order to gain access. Please work with your company’s IT support to determine how to configure the VPN so that you are connecting from the whitelisted IP address. Your external IP address needs to match a whitelisted IP. We have verified the IPs have been whitelisted, so you should gain access as soon as you configure your VPN properly.

The Fix

If the provided screenshot looks good, proceed with whitelisting the approved IP addresses by completing the following steps:

  1. Access the firewall settings in the customer’s Website Security account from MYA by clicking on the “Details” link beneath “Firewall”
  1. You should now be on the Firewall dashboard. Click on the “Settings” tab.
  1. Next click the “Access Control” tab.
  1. You should now be on the Allow IP Address page. You will need to add each approved IP address one at a time. Make sure the dropdown is set to “Permanently” before clicking the “Allow” button.
  1. Once all IP addresses have been added go back to each IP address in the list and click the “Insert Note” link next to the IP address.  Add the following note in the pop-up window: WDS Builder VPN

Now that all IP addresses have been added, the vendor builders should be able to access the site if they’re connected to their employer’s VPN. If there are no other tasks on the clarification you can close the clarification with the following response:

This customer has added a Website Security Firewall, which is blocking your access based on your IP address. To provide you with access we have whitelisted each of the IP addresses provided by your employer’s VPN.

Please connect to your employer-provided VPN service and try again. If you are properly connected via one of the whitelisted IPs you should be able to connect to the site without issue.

Additional Suggestions

While accessing the customer’s Website Security account it is a best practice to verify that the customer has the Sucuri plugin installed on their site and properly connected to their account via API. Please be sure to take a moment to log into the customer site and verify that their Sucuri plugin is properly configured.