Replace Forbidden (403) Error with Captcha challenge on suspicious IPs


Recommended Posts

I use NordVPN for my Internet access (to prevent my ISP from collecting marketing information from my browsing.)  But many of the NordVPN nodes are blocked by Hawk Host, which prevents me from accessing my own domain.  I can understand that bad actors are using VPNs to hide their activity, and I'm glad that Hawk Host is blocking them.  But instead of just throwing a 403 Forbidden error, I would like it to perform a Captcha challenge to prove they are not a BOT.  With the current set-up I must randomly try different VPN nodes until I find one that isn't blacklisted.  I often have to switch to a node in Canada to not be blocked.

Many sites do exactly this: instead of completely blocking the user completely, they can complete a Captcha challenge, then continue to the site ( is a good example of that.)  The current set-up is frustrating for me, and I have no idea how many users are blocked from access to my site and don't realize why.

I would also ask in advance that, if this is implemented, to please not use the cheesy captcha that is used for signing-up to this forum.  It's not only overly tedious, but I had to try from several different browser before I could get past that screen.  Google provides some excellent options, some of which base the challenge difficulty on the source IP reputation, and they don't charge for commercial use (I use one on my site.)

Link to comment
Share on other sites


A couple of years ago I opened ticket VAE-864-18071 for this exact issue, and this was the response I received:

"It seems the IP of your VPN is either blacklisted or blocked on our servers firewall. If there are any particular IPs for your VPN, kindly let us know so that we can have a detailed look into it. If the IP is temporarily blocked on our server's firewall, it will show a captcha so you could still visit the site. It seems the VPN's IP is permanently blocked on our server's firewall."

Based on that response it seems there are two classes of IPs being blocked: temporary and blacklisted.  Apparently many of the NordVPN nodes fall into the latter category.  So is there a reason the 'blacklisted' IPs couldn't also be given a Captcha challenge?  Since the IP of the VPN is very fluid, trying to get each one opened individually as the 403 errors occur doesn't seem like a good solution.

Thank you,


Link to comment
Share on other sites

The software has evolved a lot in two years and since then a lot of the scenarios where it was a 403 instead of a captcha have been resolved. If this is still happening now I'd encourage you to open a new ticket and ask it to be escalated as that sounds like a bug.

Link to comment
Share on other sites


I saw your update to the ticket, and that it was my fault because at some point I had blocked that subnet from my site.

Thanks for finding that so quickly (now I feel like an idiot LOL.) I'll need to review my deny list, and probably create a custom 403 page so I don't fool myself again.

I appreciate the fast response, and as always the outstanding service!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.