About "Access Denied"

What causes "Access Denied" errors?

From time to time, we hear about someone attempting to access one of our members sites and receiving a NearlyFreeSpeech.NET "Access Denied" error in response.

This message is almost always generated in response to a very specific error condition: your browser attempted to open too many simultaneous connections to a single member site. The only other case affects only certain international web spiders that do not obey robots.txt. So, If you are a human being and you are receiving an "Access Denied" error from our network, it is because your browser is opening too many simultaneous connections.

Fortunately, this is not a punitive error; you haven't been blocked or added to any lists, and you don't need anyone's permission or cooperation to make it go away. You can generally clear it up in just a couple of minutes using the instructions we provide below.

It's important to remember that this problem never occurs during ordinary browsing. All "major" web browsers currently do the right thing by default, and our network works with all of them. In the vast majority of cases, opening too many simultaneous connections happens because of a plugin, toolbar, or extension you have loaded into your browser that changes its default behavior.

There are a few other ways that people, mainly the site developers themselves, can open too many connections; we'll cover those at the end of this page.

How many simultaneous connections are enough?

The HTTP standard (to which all browsers are supposed to adhere) recommends that a browser should not attempt to open more than two simultaneous connections to the same site. That's not always enough, and the major browsers seem to be settling on 8 as the best value in practice. Any fewer than that and certain types of pages (e.g. those with AJAX content or lots of small images) might slow down. Any more, and a single browser can start tying up an unfair share of resources on the web server it's talking to.

However, there are reasons other than fairness to limit the number of simultaneous connections one person can make to a single site. Some denial-of-service attacks center around tying up all the web server's possible connections so that other people can't get in. Also, lots of badly-written spambots retrieve pages from sites in bulk, and tie up lots of connections doing it, looking to harvest email addresses. They don't care if each page on your site was lovingly crafted by a PHP script and a few dozen database queries; they just open as many as they can, as fast as they can.

With all this in mind, we've set our network to allow as many as 10 simultaneous connections, per server IP, per client IP. (This is an even bigger limit than it sounds, since we issue each site 3 IP addresses by default.) This seems to be the best compromise between allowing site visitors maximum flexibility and preventing attacks and runaway spambots from harming our members' sites.

A few words about Fasterfox.

Most of the complaints we receive about "Access Denied" errors trace directly back to a Firefox extension called Fasterfox. Both the "Optimized" and "Turbo" settings for Fasterfox will exceed the allowable number of connections and cause problems. Of the two, only the "Turbo" setting warns users that it's abusive to web servers.

In many cases, that means people use it for certain other features it provides, like the page load timer, and pick "Optimized" or "Turbo" without knowing what those settings do. Then, they're surprised and disappointed when they run into problems.

Unfortunately, this extension not only quietly drives the number of connections way up without always making it clear what it's doing, but it also actually changes what Firefox thinks the default value is supposed to be and doesn't appear to uninstall properly, so getting rid of it won't always fix the problems it causes.

So, if you use or have ever used Fasterfox, please follow our Firefox instructions below to check your browser and, if needed, help it to toe the line.

How do I fix my browser?

Since the most common cause of "Access Denied" errors is an overzealous browser plugin, toolbar, or extension, disabling any such extension may help (unless it's Fasterfox; see above).

We've put together some instructions for each of the major browsers to help you check and change the relevant settings and eliminate this error.

Firefox 2, 3 (and Camino)

  1. Type about:config into the address bar.
  2. Scroll down to the row that reads network.http.max-connections-per-server in the Preference Name column.
  3. Make sure the corresponding entry in the Value column is 8.

Firefox Screenshot

Opera 9 (under MacOS X)

  1. Select Preferences... on the Opera menu.
  2. In the Preferences dialog, select the Advanced tab.
  3. On the Advanced tab, click the Network option.
  4. In the lower right, look for the line Max connections to a server and make sure the corresponding select box is set to 8 (default).

Opera Screenshot

If my browser is okay, what else can cause this?

There are a few other types of behavior that can also cause you to open too many simultaneous connections and run afoul of "Access Denied."

  • If you have more than one browser open on your computer at a time, and you load the same site in both at the same time.
  • If you have more than one computer behind some residential NAT gateways, and you access the same site from both computers at the exact same time. (Most commercial firewalls do not have this problem as they use standards-aware HTTP proxies that correctly regulate the total number of outbound connections they make to a single server.

These are unpredictable and tricky to hit, as you have to do it at the exact same time. For example, loading a page in one browser and then loading it in another browser generally won't cause this problem, unless there's some other issue, like pages taking a very long time to load, that causes the first browser to still have connections open when you start the second one. For that reason, these generally only come up when the developer of a site is testing browser compatibility. As long as you're surfing a site with one browser at a time, on one computer at a time, you shouldn't have any trouble.