TPG Community

neilthyer · ‎09-03-2024

Hi,

(from another post put in broadband are - not mobile billing - no one read the other post anyway)

I tried to login to the website from Singapore and I do not get past this error.

login to www.tpg.com.au
My Account
Use my account and password then redirects to here with the following error message.

https://cyberstore.tpg.com.au/your_account/index.php

The requested URL was rejected. Please consult with your administrator.

Your support ID is f322cbfb-f216-422a-b9ef-fcb321397af1

Error 403 - Forbidden

F5 site: sg3-sin

How can I login to manage my account even when I cannot login
Also I cannot login on my mobile app as well as I am connected to local wireless access points not data roaming.

Why is this so difficult?

BasilDV · ‎11-03-2024

Hi @neilthyer

Have you tried a different browser to access your account?

neilthyer · ‎15-03-2024

Multiple browsers, multiple internet connections - Starhub, Singtel broadband and even Simba (formerly TPG) in singapore.
Tried on multiple devices including phones and tablets.

So yeah.. awful service.

Still have not been able to login

neilthyer · ‎15-03-2024

Also you get the same response when you click "Support" on the www.tpg.com.au page from Singapore.

My question is, why doesn't TPG have a proper online support and instead revert it back to "community" so that tpg staff who "moderate" it to answer.
Why does TPG not have.
Email support - to a proper help desk like every other supplier
IM support - like every other supplier

Ahra_G · ‎17-03-2024

Hi @neilthyer, please send us a private message and we'd be glad to assist and pull up your account. Thanks!

neilthyer · ‎18-03-2024

Hi,

NO, The whole point of having a TPG community is so that solutions can be shared - right??

Sorry, but this is very frustrating, I can't email support@tpg,com.au, because they don't respond, I can call international and spend hundreds of dollars for TPG to "figure it out" or I can log into the community which only gets answer by TPG staff, that says "PM" me.

If the only solutions are offered by TPG staff saying "PM" me, then this is NOT a community but a very very slow help desk..
This problem affects both TPG account login and the TPG support page,

I have attached 2 pictures, same error, different web browsers in case you ask something like -
Answers.
1. Yes I did try another browser
2. Yes, cleared your cache.
3. Yes and I tried connecting on mobile and use differerent internet connections

If fails for both account login and support pages on the tpg website - as at 18 March.

So here is some diagnosis for you.
This is a web server error, most likely because TPG is using IP address filtering to prevent addresses outside of Australia. Having said that, I looked through the community and found several other people in different countries with the exact same problem.

403 Forbidden

The HTTP 403 Forbidden response status code indicates that the server understands the request but refuses to authorize it.

A quick check shows this webserver is Amazon Web Services - Load balancing on ap.southeast. - which can be in Singapore or Australia. This is the result of doing a basic curl test to the working tpg.com.au

HTTP/1.1 302 Moved Temporarily
Server: awselb/2.0

Here is the full outpout of a curl to support.tpg.com.au - denied.

* Trying 159.60.130.82:80...
* TCP_NODELAY set
* Connected to support.tpg.com.au (159.60.130.82) port 80 (#0)
> GET / HTTP/1.1
> Host: support.tpg.com.au
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< location: https://support.tpg.com.au/
< x-volterra-location: sg3-sin
< date: Mon, 18 Mar 2024 01:34:38 GMT
< server: volt-adc
< connection: close
< content-length: 0
<
* Closing connection 0
root@dev:/tmp# curl -v --connect-timeout 60 https://support.tpg.com.au
* Trying 159.60.130.82:443...
* TCP_NODELAY set
* Connected to support.tpg.com.au (159.60.130.82) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.tpg.com.au
* start date: Mar 2 19:52:08 2024 GMT
* expire date: May 31 19:52:07 2024 GMT
* subjectAltName: host "support.tpg.com.au" matched cert's "*.tpg.com.au"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x564a962b50e0)
> GET / HTTP/2
> Host: support.tpg.com.au
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 403
< strict-transport-security: max-age=31536000
< x-volterra-location: sg3-sin
< content-length: 309
< content-type: text/html; charset=UTF-8
< date: Mon, 18 Mar 2024 01:34:52 GMT
< server: volt-adc
<
<html><head><title>Error Page</title></head>
<body>The requested URL was rejected. Please consult with your administrator.<br/><br/>
Your support ID is e1d6ed41-c6b4-4cd1-a6fb-eaf649d0f2f8<h2>Error 403 - Forbidden</h2>F5 site: sg3-sin<br/><br/><a href='javascript&colon;history.back();'>[Go Back]</a></body></html>
* Connection #0 to host support.tpg.com.au left intact

So,
TPG is basically inaccessable from overseas until you fix the firewall rules or you put in place OTP sms.

Here is the last part of curl output of www.tpg.com.au successful authorization headers for comparison.

SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=tpg.prod.tpmwebsites.c1.tpgtelecom.com.au
* start date: Aug 2 00:00:00 2023 GMT
* expire date: Aug 30 23:59:59 2024 GMT
* subjectAltName: host "www.tpg.com.au" matched cert's "www.tpg.com.au"
* issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M02
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x564d19d090e0)
} [5 bytes data]
> GET / HTTP/2
> Host: www.tpg.com.au
> user-agent: curl/7.68.0
> accept: */*
>
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
} [5 bytes data]
< HTTP/2 200
< date: Mon, 18 Mar 2024 01:37:38 GMT
< content-type: text/html; charset=UTF-8
< set-cookie: AWSALB=JiNhCNeG1B0pQgFakoqVu1DrvH0nYHXgUljKXe9cSIXBjFIRgAbHIcE1iFSi3CVlIbfWKteFb6HOhqBoWtjuLlIyw7uLJAv6S7/Hlrp2jYoubCM9Cw2PBKwsQa1m; Expires=Mon, 25 Mar 2024 01:37:38 GMT; Path=/
< set-cookie: AWSALBCORS=JiNhCNeG1B0pQgFakoqVu1DrvH0nYHXgUljKXe9cSIXBjFIRgAbHIcE1iFSi3CVlIbfWKteFb6HOhqBoWtjuLlIyw7uLJAv6S7/Hlrp2jYoubCM9Cw2PBKwsQa1m; Expires=Mon, 25 Mar 2024 01:37:38 GMT; Path=/; SameSite=None; Secure
< server: Apache
< x-content-type-options: nosniff
< cache-control: max-age=1800, public
< x-drupal-dynamic-cache: HIT
< link: <https://www.tpg.com.au/>; rel="shortlink", <https://www.tpg.com.au/>; rel="canonical"
< link: </home>; rel="revision"
< x-ua-compatible: IE=edge
< content-language: en
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< expires: Sun, 19 Nov 1978 05:00:00 GMT
< last-modified: Sat, 16 Mar 2024 01:15:19 GMT
< etag: "1710551719"
< vary: Cookie,Accept-Encoding
< x-drupal-cache: HIT
< content-security-policy: frame-ancestors iinet.net.au:* *.iinet.net.au:* westnet.com.au:* *.westnet.com.au:* tpg.com.au:* *.tpg.com.au:* tpgtelecom.com.au:* tpgtelecom.com.au:* *.tpgtelecom.com.au:* internode.on.net:* *.internode.on.net:*;
< x-xss-protection: 1; mode=block

As you can see the difference in the responses to the support.tpg.com.au 403 and www.tpg.com.au success 200

This appears to be a webserver administration problem, impacting every TPG customer that travels overseas.

BasilDV · ‎21-03-2024

We'd like to have more details for us to raise this for investigation @neilthyer

When you tried to login to TPG My Account, did it direct you to a page where you need to enter the OTP we sent?

Or it just gives you the error after entering your username and password?

Are you accessing an NBN or Mobile account?

neilthyer · ‎28-03-2024

mobile.

This has been going on for weeks, I had to get a VPN to access these services - so it costs me more use access my phone while I am roaming.

This is a rule error for you firewall / web server, just have the guys fix it or turn on OTP sms like every other telco. OR how about TPG sets up a real email and IM for support.

Error 403 - Forbidden

F5 site: sg3-sin

BasilDV · ‎28-03-2024

We really want to help in resolving this login issue once and for all.

Please send us a private message with your account details and we'll take it from there.

BasilDV

TPG Community

international cannot login to tpg website or mobile app

Error 403 - Forbidden

403 Forbidden

Error 403 - Forbidden