Wednesday, 7 February 2018

Multiple unexpected in-domain hops on web request, with random address values?

We have a specific endpoint that users hit (obfuscated below) that should result in a 302 redirect to an external domain.

For whatever reason, an inbound user gets bounced around with a random 5-character alphanumeric value ('khYPb/') below before actually getting redirected. This is resulting in 400s at certain points because we're not configured to accept the randomized value.

Can anyone tell me wtf this is??

Using Chrome 64 and FF 58.
Stack: AWS, Sanick, Godaddy

302 http://sub.domain.io/?
302 http://sub.domain.io/khYPb/?
200 http://sub.domain.io/?
302 http://59.110.23.222:9011/?
302 External 

(Sometimes seeing this same behavior but instead of a successful redirect, it's 404ing with http://59.110.23.222:9011/randomvalue/randomvalue/randomvalue?)



