Access Denied When Verifying IPN Paypal
When trying to verify payments using IPN, I get the following error. The same code has been sandbox tested (before and after the error) and validates correctly.
<HTML>
<HEAD>
<TITLE>Access Denied</TITLE>
</HEAD>
<BODY>
<H1>Access Denied</H1>
You don't have permission to access "https://www.paypal.com/cgi-bin/webscr" on this server.<P>
Reference #18.........
</BODY>
</HTML>
The code I'm using looks like this:
$raw_post_data = file_get_contents('php://input');
pplog("Processing POSTed data");
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode ('=', $keyval);
if (count($keyval) == 2)
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&$key=$value";
}
$ch = curl_init("https://www.paypal.com/cgi-bin/webscr");
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
if(!($res = curl_exec($ch)) ) {
error_log("Got " . curl_error($ch) . " when processing IPN data");
curl_close($ch);
exit;
}
curl_close($ch);
log($res);
I'm on Ubuntu 14.04, with openssl, curl and phpcurl installed, and four hours of debugging.
source to share
Finally found a fix for this after talking to PayPal tech support. It was a problem with something they changed and are working on a fix, but to get it working again you just need to send a "User-Agent" HTTP header with a Curl request, something like:
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close', 'User-Agent: company-name'));
Regarding that "User-Agent" should be installed, it should be at least 5 characters long, maybe your company name as the example shows, but this is optional.
The tech support agent also pointed me to: https://ppmts.custhelp.com/app/answers/detail/a_id/92 if the above fix doesn't work, but it did for me.
source to share
If anyone else finds this through a google search I had a similar problem when visiting any Paypal URL - I would get "Access Denied". The cause was a user agent issue - I had a UA switch extension and I was using Chrome with a non-standard user agent. Reverting to the default user agent fixed the issue.
source to share