Not Permitted. Log in to access this page. When user has already logined.

AnneMac666 · January 22, 2026, 4:44pm

Hi, I just encountered this problem a few days ago.

Our company is using ERPNext on Gcloud VMinstance with the info below:

erpnext 15.29.2
frappe 15.33.3
hrms 16.0.0-dev
payments 0.0.1
print_designer 1.x.x-develop

When the user logs in with the company network, everything works fine. However, when they use the other networks, they are stuck with this problem even when they logged in from the start or logged in with the company network and then switched to another network. Same account, same resource, same permission. Happened to all users, including the administrator account, with no ip restriction in place.

1 thing I check is that the user info (sid, csrf_token, etc) is sent in the header for both cases, but with an outside network, no response returns only 403 for permission denied.

asieftejani · January 23, 2026, 6:09am

Sounds like VPC Firewall rules only allow ingress from your company network

AnneMac666 · January 24, 2026, 2:33am

Hi,

Thank you for taking the time to look into my problem. Below are the VPC rules we are using now, and there are no changes from before the problem occurred.

asieftejani · January 24, 2026, 9:49am

Confirm its not a connectivity issue - your users can ping/curl the erpnext site (and raw ip address) from external networks.Paste your curl 403 error here
Also confirm IP whitelist and fal2ban are not triggered (sudo systemctl status fail2ban)
Check nginx configuration. Potential problems could show up in logs at /var/log/nginx/access.log
Try this temporarily - bench --site your-site set-config ignore_csrf True - you might get to the root problem

Best of luck