The "Access Denied" message includes a Reason: XXXX – e.g., "Reason: Directory Traversal" or "Reason: SQL Injection attempt."
The server's hotlink protection is inspecting the Referer header. If the referrer is not www.xxxxcomau , the server denies access. Sustainability pages are frequently linked from external ESG rating agencies (CDP, MSCI), which triggers this false positive. access denied https wwwxxxxcomau sustainability fix
That breaks every citation from investors and regulators. Instead, use the diagnostic checklist above to surgically remove the block while keeping your security posture intact. Note: If you control the xxxxcomau domain, replace the placeholder with the actual URL and run a full WAF audit. If you are a visitor, attempt the caching workarounds immediately, as the document you need is likely still on the server—just hidden behind a misconfigured gate. The "Access Denied" message includes a Reason: XXXX – e
The mod_rewrite rules have a typo. A common mistake is a rule intended to block wp-login.php or xmlrpc.php that accidentally captures the word "fix" (a common URL slug for remediation plans). That breaks every citation from investors and regulators
However, I can write a definitive, long-form guide based on that cause "Access Denied" errors on corporate /sustainability/ subfolders.
The sustainability microsite is accidentally inheriting rules from a subscriber-only section (e.g., /investors/ or /research/ ). This happens due to a misconfigured path structure in the reverse proxy.