Let’s say a web server administrator has configured his web server to deny traffic from my IP address or address range and throws an http 403 forbidden when I hit the site. (In this scenario I am trying to access the server over the Internet and he knows the external address of the network my traffic originates from.)
Is there a way to prove that he is blocking my IP address/range aside from exhaustively showing (which is impossible) that I can successfully access the site from other IP ranges? Assume I am unable to communicate with the maintainer of the system.
Nothing can be proven without access to server logs and configuration.
Even in your second example of a network ACL, you still cannot conclusively prove anything with any amount of network tools without either access to the firewall config or at the very least, the ability to nab packet captures directly outside and inside the firewall.
If you’re not the administrator of the system, all you can do is make educated guesses as to what’s going on.