Encountering an "Access Denied" error (HTTP 403, 401, or a custom branded block page) on a corporate sustainability page is a critical failure. For Australian enterprises ( .com.au ), these pages often house mandatory Modern Slavery Statements, Net Zero transition plans, or Annual ESG reports. An access barrier here doesn't just break a link—it damages regulatory compliance and stakeholder trust.
However, I can write a definitive, long-form guide based on that cause "Access Denied" errors on corporate /sustainability/ subfolders.
The mod_rewrite rules have a typo. A common mistake is a rule intended to block wp-login.php or xmlrpc.php that accidentally captures the word "fix" (a common URL slug for remediation plans). access denied https wwwxxxxcomau sustainability fix
The CDN (Akamai, Fastly, CloudFront) has a stale edge certificate or a mismatched host header. When the CDN requests https://www.xxxxcomau/sustainability/fix from the origin server, the origin sees the CDN's IP and denies access because the Host header doesn't match the expected domain.
The slug /sustainability/fix contains the sequential characters fix . The WAF's signature set falsely identifies this as an attempt to access php://filter or a fix in a SQL UNION statement. Because fix is a reserved word in some regex blacklists, the request is killed. Encountering an "Access Denied" error (HTTP 403, 401,
The Symptom: "Access Denied" appears only for users on specific ISPs (e.g., Telstra vs. Optus). The error is a 403 with ERR_SSL_VERSION_OR_CIPHER_MISMATCH in the console.
The error is a 200 OK page that says "Access Denied" (a soft 403), not a true server-level 403. The URL loads but content is hidden. However, I can write a definitive, long-form guide
That breaks every citation from investors and regulators. Instead, use the diagnostic checklist above to surgically remove the block while keeping your security posture intact. Note: If you control the xxxxcomau domain, replace the placeholder with the actual URL and run a full WAF audit. If you are a visitor, attempt the caching workarounds immediately, as the document you need is likely still on the server—just hidden behind a misconfigured gate.