Upon visiting https://publishers.basicattentiontoken.org/ I got a rather unexpected 403 Forbidden error. I haven’t done anything to end up in this situation and in fact, I haven’t visited the publisher website since 10th of June or so.
This looks like an IP based deny rule which targeted my IP address. The address itself hasn’t changed for a long time now. Obviously, I can’t post the address in a public forum.
Does not work in my main profile, private session, or curl in command line - which is a different HTTP client altogether
Works if I access the website from private session + TOR. In fact, I could authenticate just fine, so there’s no issues with my account itself.
Oddly enough, despite returning the forbidden error, if I try to use the authentication URL under the circumstances which return the 403 error, the session is expired. This indicates that the request actually hits your application server before getting the 403 error, so it’s not your edge networking who’s denying the request.
By edge networking I mean Fastly. Just a simple look at the HTTP headers suggested that you may be using them, even before resolving publishers.basicattentiontoken.org to remove all doubt. I’ve been in the web business for far too long.
Hey! Thanks for the great info, yesterday we deployed a change to our systems to front Fastly before access to the server.
Weirdly I do see 403’s on the log-in path, and i’m trying to track it down. Can you list the first two segments of your IP? I’m seeing some IPs but it’s hard to know if those IP addresses are valid client IPs or hitting our rate-limiting code.
Hi Cory. I’m wondering if I’m affected by this. I tried to access my publisher account and it says on the top left in small print “Forbidden”. I don’t know if I’m related to this issue. I use a Macbook.
After around 4 days of having this “forbidden” issue, I now have access to my publishers account. I never did anything personally to remedy this so have no explanation.