Upon visiting https://publishers.basicattentiontoken.org/ I got a rather unexpected 403 Forbidden error. I haven’t done anything to end up in this situation and in fact, I haven’t visited the publisher website since 10th of June or so.
This looks like an IP based deny rule which targeted my IP address. The address itself hasn’t changed for a long time now. Obviously, I can’t post the address in a public forum.
- Does not work in my main profile, private session, or curl in command line - which is a different HTTP client altogether
- Works if I access the website from private session + TOR. In fact, I could authenticate just fine, so there’s no issues with my account itself.
- Oddly enough, despite returning the forbidden error, if I try to use the authentication URL under the circumstances which return the 403 error, the session is expired. This indicates that the request actually hits your application server before getting the 403 error, so it’s not your edge networking who’s denying the request.
curl -i https://publishers.basicattentiontoken.org/log-in HTTP/1.1 403 Forbidden Connection: keep-alive Server: Cowboy Content-Type: text/plain Cache-Control: no-cache X-Request-Id: 5a6adcf3-4482-498a-abd0-5a130d71001e X-Runtime: 0.002242 Strict-Transport-Security: max-age=31536000; includeSubDomains Via: 1.1 vegur Accept-Ranges: bytes Date: Thu, 02 Jul 2020 18:23:18 GMT Via: 1.1 varnish X-Served-By: cache-lcy19258-LCY X-Cache: MISS X-Cache-Hits: 0 Vary: Accept-Encoding transfer-encoding: chunked Forbidden
By edge networking I mean Fastly. Just a simple look at the HTTP headers suggested that you may be using them, even before resolving publishers.basicattentiontoken.org to remove all doubt. I’ve been in the web business for far too long.
Please look into this.