Hey @arminelec, sorry for the delay. Thought I’d start a dedicated thread for this. I’m thinking aloud here of all the possibilities that come to mind, and what can be eliminated, based on experience from work. Appreciate not all of these will be appropriate for your situation. I hope an expert on here can weigh in too! It is an odd one, but odd ones do happen.
The first thing to note is that right now I am not seeing the problem today on my PC, but I did just set up a traffic inspector for decrypting SSL traffic via an intermediate certificate. My mobile still sees the issue on wifi and 4G. It may be that a reboot of my PC retriggers the issue due to the TLS interference.
- My understanding of the problem:
A small percentage of users are redirected to another random website. Both sites have correctly configured TLS / SSL certificates that I can see, I ran checks on both. This is not specific to a machine, or a network. Possibly region, will come on to that.
This is either malicious, or a misconfiguration somewhere. I don’t see any obvious evidence of malicious activity; the redirected site seems to be an unused WordPress blog for a genuine business. However, a redirect on your side to this business would also be strange.
- Possible causes and things that can be ruled out:
a. DNS resolution can be ruled out for now - you gave me the IP address of your site and I was able to resolve to the same IP via my own ISP’s DNS servers, as well as Google’s. The redirect site has a consistently different IP address across all DNS servers as well.
b. TLS certificate issue seems unlikely without a DNS issue as well, and no obvious problems with the certs. I mentioned the traffic inspector issue above, but it’s not proof of a problem there.
On to other candidates:
c. You mentioned you have a dedicated server. Could this be dedicated servers, as far as your host provider is concerned? A very common cause for intermittent site issues is that one or more of the origin servers has a misconfiguration. DNS resolution will then send most clients to the correct site, and a few to the wrong one.
Edit: in this case I am making a rough assumption here, which is that each web server is configured with a private IP address, and sitting in front of them is a load balancer, firewall, or both, with a public IP address. That device will balance request traffic across those servers. Public traffic to the device will either be ‘direct’ (there may be stages of firewalls in reality at a provider), or from a CDN.
You can eliminate this possibility by checking your web config, or configs, and also searching your web server traffic response logs. You can extract all 301s and 302s, plus 304s if appropriate. Also search for the text string of the redirected domain to see if it is referenced. Naturally if there are multiple servers, they all need to be checked. If you have sufficient access then it’s possible to create a batch file or equivalent that will do this job and output all the results to a text file.
d. Speaking of 304s, do you use a CDN in front of your site, or another form of cache such as Varnish? It is possible to have a misconfiguration, or even a strange cache corruption there. Also are there any patterns to the users? Eg are they in the UK? There could be some incorrect logic either on the CDN side, or potentially on origin, that pushes some users elsewhere. I don’t currently have the traffic inspector CDN headers set up because I’ve done a fresh install, but I will do it later. It’s a bit fiddly on my app though.
e. The last one is real random hunch guess time. The other possibility is some odd routing misconfiguration at the ISP level, possibly region-based. It would be very rare and I can’t see anything on the DNS level to suggest this, but it’s not impossible. Only the ISP tech support would be able to check their DNS and web servers just to eliminate anything there.
Right now that’s everything that springs to mind, and I’m sorry it doesn’t prove anything or give an answer. Perhaps all this is obvious too! I’ll update of course if I have any ‘eureka’ moments.
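The log and config sweep suggested in point (c) above, written out as an added example; this is not code from the thread or from either site. It assumes access logs in the Apache/nginx "combined" format (status code is the ninth whitespace-separated field) and uses a constructed log, a constructed vhost config and the placeholder domain blog.example.net standing in for the site users get redirected to. Run it on each origin server with the real paths substituted, and diff the reports between servers.

```shell
#!/bin/sh
# Added example (not from the thread): sweep a web server's access log and
# vhost config for 301/302/304 responses and for a suspect domain string,
# writing the hits to a report file. All inputs below are constructed;
# "blog.example.net" is a placeholder for the redirect target domain.

SUSPECT_DOMAIN="blog.example.net"
WORKDIR=$(mktemp -d)
REPORT="$WORKDIR/redirect-report.txt"

# Constructed access log in "combined" format (status is field 9).
cat > "$WORKDIR/access.log" <<'EOF'
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.12 - - [10/Oct/2023:13:55:38 +0000] "GET /css/site.css HTTP/1.1" 304 0 "https://www.example.com/" "Mozilla/5.0"
203.0.113.13 - - [10/Oct/2023:13:55:39 +0000] "GET /old-page HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.14 - - [10/Oct/2023:13:55:40 +0000] "GET /about HTTP/1.1" 200 2210 "https://blog.example.net/" "Mozilla/5.0"
203.0.113.15 - - [10/Oct/2023:13:55:41 +0000] "GET /?utm=x HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF

# Constructed vhost config containing the kind of stray redirect to look for.
cat > "$WORKDIR/vhost.conf" <<'EOF'
<VirtualHost *:443>
    ServerName www.example.com
    Redirect 302 /landing https://blog.example.net/
</VirtualHost>
EOF

# Print every log line whose status is 301, 302 or 304.
redirect_lines() {
    awk '$9 == "301" || $9 == "302" || $9 == "304"' "$1"
}

# Count log lines with one given status code (args: logfile, code).
count_status() {
    awk -v code="$2" '$9 == code' "$1" | wc -l | tr -d ' '
}

# Total number of lines across the given files that mention the domain.
# -F treats the dots literally; -i catches mixed-case hostnames.
domain_refs() {
    domain="$1"; shift
    grep -i -F -c -- "$domain" "$@" 2>/dev/null | awk -F: '{ s += $NF } END { print s + 0 }'
}

# Assemble the plain-text report and print its path.
write_report() {
    log="$WORKDIR/access.log"
    conf="$WORKDIR/vhost.conf"
    {
        echo "== 3xx responses in $log =="
        redirect_lines "$log"
        echo
        echo "== 301: $(count_status "$log" 301)  302: $(count_status "$log" 302)  304: $(count_status "$log" 304) =="
        echo
        echo "== lines referencing $SUSPECT_DOMAIN in $log and $conf =="
        grep -i -n -F -- "$SUSPECT_DOMAIN" "$log" "$conf"
    } > "$REPORT"
    echo "$REPORT"
}

write_report
```

Point the three paths at the real access log and config directory (use a glob such as `/etc/nginx/conf.d/*.conf` for the config argument) and repeat on every origin behind the load balancer; a redirect that only one server emits will show up as a count that differs between the per-server reports.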