top | item 42812870 (no title) napsterbr | 1 year ago Whatever their play, detect and drop the redirects. Good job on noticing it early on! discuss order hn newest kbolino|1 year ago You cannot detect a 301 redirect when you're only in control of the destination. eastbound|1 year ago Not through the referrer? load replies (1) HughParry|1 year ago Presumably just throwing a 403 if they have this referrer is ok and won't have a weird SEO impact or something? jsheard|1 year ago Couldn't the attacker evade that by sending Referrer-Policy: no-referrer with their redirect? load replies (2) thiago_fm|1 year ago No, and the earlier you do the better.Later it might have
kbolino|1 year ago You cannot detect a 301 redirect when you're only in control of the destination. eastbound|1 year ago Not through the referrer? load replies (1)
HughParry|1 year ago Presumably just throwing a 403 if they have this referrer is ok and won't have a weird SEO impact or something? jsheard|1 year ago Couldn't the attacker evade that by sending Referrer-Policy: no-referrer with their redirect? load replies (2) thiago_fm|1 year ago No, and the earlier you do the better.Later it might have
jsheard|1 year ago Couldn't the attacker evade that by sending Referrer-Policy: no-referrer with their redirect? load replies (2)
kbolino|1 year ago
eastbound|1 year ago
HughParry|1 year ago
jsheard|1 year ago
thiago_fm|1 year ago
Later it might have