WTF AT&T
-
I'm getting a 403 Forbidden for pretty much all content on a site, so I figured that I'd just list all of the factors:
- It's pretty much LAMP stack, but it's really Linux/Apache/vertical pipe delimited text file/Python
- I don't really control the server, so I'm a bit limited as to what I can do. Hosted solution, cPanel installed, etc.
- I'm used to the Windows stack, so this is a bit outside of my expertise
- This is happening ONLY to people on AT&T's mobile network
- If these users switch to wifi, the problem goes away
- It's not all browsers, it seems to be only Chrome. Some users have reported it in other browsers, but I've been unable to verify
- The 403 page successfully loads, although the one image on it is blocked
- Since that content comes up, I assume that AT&T is somehow invoking a 403 on the server
- Since it's mobile, and I don't have much experience debugging with mobile, I'm not sure where to look
- This site has been around since 2006, and has worked perfectly fine (overall) since then, so it's not like it's a new site with permissions issues. It works as it should on computers, wifi, non-AT&T users, etc.
- Clearing cache hasn't helped
EDIT/ADDENDUM
- even trying to access a simple test.txt file gives the same result
- after a few attempts, the "Site can't be reached" Chrome error comes up instead
The document root .htaccess has this section in it:
<Files 403.shtml>
order allow,deny
allow from all
</Files>
Which I assume is what allows the page to be shown to these users, but I still don't understand the root cause.
Anyone have an idea of what's going on?
-
Can you at least access the Apache error logs?
-
yeah, but only get basic information for those
IP Address, status code, URI, URI Referrer, content length, etc....not sure if there's a way to turn on more verbose logging
I'm just flat out surprised that this is even a thing, to have this invoked by a single carrier
-
@chubertdev I take it the logged 403 errors don't have anything in common?
-
@chubertdev What about the access logs?
edit: Maybe this could help? https://httpd.apache.org/docs/1.3/mod/mod_log_config.html
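An added example, not posted by anyone in this thread: one way to check whether the logged 403s have anything in common is to group access-log entries by client network, User-Agent and path, and compare 403 counts against totals for each group. It assumes Apache's "combined" LogFormat; the sample lines, addresses (documentation ranges) and agent strings are constructed.

```python
import re
from collections import Counter

# Quoted log field; Apache escapes embedded quotes as \"
Q = r'"((?:[^"\\]|\\.)*)"'
# Assumed "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] ' + Q + r' (\d{3}) \S+ ' + Q + ' ' + Q)

# Constructed sample lines, not taken from the site discussed in the thread.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2000:10:00:01 +0000] "GET /index.html HTTP/1.1" 403 199 "-" "Chrome-Mobile (constructed)"
198.51.100.7 - - [01/Jan/2000:10:00:09 +0000] "GET /test.txt HTTP/1.1" 403 199 "-" "Chrome-Mobile (constructed)"
198.51.100.23 - - [01/Jan/2000:10:01:12 +0000] "GET /test.txt HTTP/1.1" 403 199 "-" "Chrome-Mobile (constructed)"
198.51.100.23 - - [01/Jan/2000:10:02:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Opera-Mobile (constructed)"
203.0.113.5 - - [01/Jan/2000:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Chrome-Mobile (constructed)"
203.0.113.9 - - [01/Jan/2000:10:03:30 +0000] "GET /test.txt HTTP/1.1" 200 12 "-" "Chrome-Mobile (constructed)"
"""

def parse(lines):
    """Yield one dict per line that matches the combined format; skip the rest."""
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue
        host, request, status, _referer, agent = m.groups()
        parts = request.split()
        path = parts[1] if len(parts) > 1 else request
        yield {"host": host, "path": path, "status": status, "agent": agent}

def net24(host):
    """Collapse an IPv4 address to its /24 so clients on one network group together."""
    return host.rsplit(".", 1)[0] + ".0/24"

def forbidden_rates(lines, key):
    """Map each key value that saw a 403 to (403 count, total requests)."""
    totals, denied = Counter(), Counter()
    for rec in parse(lines):
        k = key(rec)
        totals[k] += 1
        if rec["status"] == "403":
            denied[k] += 1
    return {k: (denied[k], totals[k]) for k in denied}

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for name, key in [("network", lambda r: net24(r["host"])),
                      ("agent", lambda r: r["agent"]),
                      ("path", lambda r: r["path"]),
                      ("network+agent", lambda r: (net24(r["host"]), r["agent"]))]:
        print(name, forbidden_rates(lines, key))
```

A group whose 403 count equals its total is the one to look at; in the constructed data no single field reaches that, but the network and agent pair does.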
-
@chubertdev Is the server running PHP? If so, is it serving up malware PHP?
It's possible you're pwned and AT&T is just the first large ISP to notice.
-
@powerlord said in WTF AT&T:
@chubertdev I take it the logged 403 errors don't have anything in common?
not really, I've even tried accessing a test.txt file in the root, same result.
-
@blakeyrat said in WTF AT&T:
@chubertdev Is the server running PHP? If so, is it serving up malware PHP?
It's possible you're pwned and AT&T is just the first large ISP to notice.
yes, it's running PHP. possible, but wouldn't they block the site outright, instead of invoking the 403 that still serves content?
-
@chubertdev I don't know what they do, it was just a thought.
-
@blakeyrat said in WTF AT&T:
@chubertdev I don't know what they do, it was just a thought.
yeah, I'm not closing off that idea, I'm checking FTP access logs and the directory structure (it's a relatively small site, but I don't manage all of the subdomains), so anything off should stick out like a sore thumb.
-
It also appears to be browser specific.
It happens in Google Chrome. But a friend had Opera on his phone, and it works fine in that. Tested it with another AT&T phone, works fine.
So it's AT&T and Chrome on a phone.
-
@chubertdev said in WTF AT&T:
It also appears to be browser specific.
It happens in Google Chrome. But a friend had Opera on his phone, and it works fine in that. Tested it with another AT&T phone, works fine.
So it's AT&T and Chrome on a phone.
Chrome Data Saver?
-
it works with data saver ON, but fails with it off. (╯°□°)╯︵ ┻━┻
-
@chubertdev said in WTF AT&T:
it works with data saver ON, but fails with it off. (╯°□°)╯︵ ┻━┻
Definitely evidence of transparent proxy then?
-
@Tsaukpaetra said in WTF AT&T:
@chubertdev said in WTF AT&T:
it works with data saver ON, but fails with it off. (╯°□°)╯︵ ┻━┻
Definitely evidence of transparent proxy then?
Yep, AT&T is breaking your traffic...
-
Resolved: told AT&T users to go f*** themselves on 403 page