Access Denied on Paypal IPN verification

Question

I'm getting the the following error when trying to verify payments using the IPN. The same code was tested on the sandbox (before and after the error) and is verifying properly.

<HTML>
<HEAD>
    <TITLE>Access Denied</TITLE>
</HEAD>
<BODY>
    <H1>Access Denied</H1>

    You don't have permission to access "https://www.paypal.com/cgi-bin/webscr" on this server.<P>
    Reference #18.........    
</BODY>
</HTML>

The code I'm using is as follows:

$raw_post_data = file_get_contents('php://input');
pplog("Processing POSTed data");
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
    $keyval = explode ('=', $keyval);
    if (count($keyval) == 2)
        $myPost[$keyval[0]] = urldecode($keyval[1]);
}
// read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
$req = 'cmd=_notify-validate';
if(function_exists('get_magic_quotes_gpc')) {
    $get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
    if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
        $value = urlencode(stripslashes($value));
    } else {
         $value = urlencode($value);
    }
     $req .= "&$key=$value";
}

$ch = curl_init("https://www.paypal.com/cgi-bin/webscr");
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

if(!($res = curl_exec($ch)) ) {
    error_log("Got " . curl_error($ch) . " when processing IPN data");
    curl_close($ch);
    exit;
}
curl_close($ch);
log($res);

I'm on Ubuntu 14.04, with openssl, curl and phpcurl installed, and four hours of debugging.

I have the same issue since 9th September. I think Paypal changed something but I couldn't find it up to now. — csonuryilmaz, Sep 17 '14 at 09:31
@Onur Yılmaz - Yes, they did. You have to add a USER AGENT header in your POST to paypal. You can set whatever you want for USER-AGENT. — 779IDEAS, Sep 17 '14 at 12:50
Possible duplicate of [PHP cURL how to add the User Agent value OR overcome the Servers blocking cURL requests?](http://stackoverflow.com/questions/17801094/php-curl-how-to-add-the-user-agent-value-or-overcome-the-servers-blocking-curl-r) — Francisco Corrales Morales, Nov 05 '15 at 15:43

score 21 · Accepted Answer · answered Sep 17 '14 at 09:37

Finally found the fix for this after speaking with PayPal Technical Support. It was an issue with something they have changed and are working to fix but to get it to work again you simply have to send a "User-Agent" HTTP Header with the Curl request, so something like:

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close', 'User-Agent: company-name'));

As for what the "User-Agent" should be set as, it just needs to be at least 5 characters, probably your company name as the example shows but it doesn't have to be.

The Technical Support agent also pointed me to: https://ppmts.custhelp.com/app/answers/detail/a_id/92 if the above fix does not work, but it did for me.

It works for me. Now to wait for it to fail again when they change it again. — topher, Sep 17 '14 at 20:57

score 1 · Answer 2 · answered Jul 25 '19 at 15:12

I was also getting access denied (403) from accessing any paypal account, using any browser. Once it happens it continues to happen.

For both Firefox and Safari the solution is to search for all cookies associated with PayPal and delete them. Problem disappears.

score 0 · Answer 3 · answered Apr 08 '15 at 15:57

Anyone else finding this through a Google search, I had a similar problem when visiting any Paypal URL - I would get "Access Denied". The cause was a user agent problem - I had a UA switcher extension, and was using Chrome with a non-standard user agent. Reverting back to the default User Agent fixed the problem.

score 0 · Answer 4 · answered Mar 06 '16 at 21:32

If anyone has this problem on an Android device, try downloading or redownloading "Internet and MMS settings".

Settings - networks - internet settings

I guess by doing this you reset or update any settings that needed to be done. Worked for me on my Sony Xperia Z2!

Access Denied on Paypal IPN verification

4 Answers4

Linked