Platform: Access Denied. Request was blocked by our security service

Update timeline

1. resolved Oct 23, 2025, 11:07 PM UTC

   [Resolved] - This incident has been resolved. We are investigating reports that some customers are unable to access their tenant. Affected users may see the message: “Access Denied. Error 16. The request was blocked by our security service.” We have identified the issue as an invalid Web Application Firewall (WAF) policy that is unintentionally blocking traffic from certain regions. Our teams are working to revert the policy to restore access.

2. postmortem Oct 23, 2025, 11:07 PM UTC

   **Incident Overview** Platform and Secret Server Cloud services in certain regions were inaccessible to customers who encountered the following error: “Access Denied. Error 16. The request was blocked by our security service.” Start Time: October 23, 2025, 14:01 UTC End Time: October 23, 2025, 15:28 UTC The issue affected traffic originating from the Netherlands, Belarus, Pakistan, Kazakhstan, Iran, and most countries in Africa. Customers from other regions were not impacted. **Root Cause** An invalid Web Application Firewall \(WAF\) policy was inadvertently deployed to the production environment. The policy was intended for a test website but was mistakenly applied to the Platform WAF configuration, resulting in legitimate traffic from multiple regions being blocked. The invalid policy was identified and reverted at 15:11 UTC, restoring normal access. **Preventive Actions** * Strengthen the change control process with an additional verification step to prevent test policies from being deployed to production. * Reinforce environment-specific deployment training for internal teams. * Update operational playbooks to ensure teams can quickly validate and roll back WAF configuration changes.