|
|
|
|
|
|
by ransackdev
1118 days ago
|
|
|
Couple things to consider 1. Check your competitors who return json and see if they have a Location header 301'ing or 302'ing all their traffic to your service (if the client follows redirects). 2. Reverse dns lookup your origin ips and see if anyone has a domain's dns pointed at your service. Check the Host header on your end and make sure it's your domain as well as ensure your web server and/or proxy are not blindly accepting traffic for `*`/any host, and make sure it's serving only your host 3. Ip address headers can be spoofed. It might not be coming from where you think it's coming from |
|
|