An affiliate marketing person has recently started sending my website strange traffic.
1) The visitor hits my site at the affiliate's special location, which performs a 302 redirect to the homepage of the site.
2) The visitor follows the redirect to the homepage of the site, where they are served another 302 redirect and then disappear.
Here is what the logs look like specifically:
www.example.com 74.197.XX.XXX - - [20/Aug/2009:16:15:28 -0400] "GET /go HTTP/1.1" 302 298 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Zune 2.0)"
www.example.com 74.197.XX.XXX - - [20/Aug/2009:16:15:28 -0400] "GET / HTTP/1.1" 302 460 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Zune 2.0)"
When I personally visit the first URL, I get redirected and then when I get the homepage, I get the regular HTML content and then download all the usual page assets ( js / css / images, etc ).
But these visitors, and there are hundreds of them all with varying ip addresses and user agents, etc, all follow this strange pattern of two 302 redirects and then poof.
Following the referer of some of the visits, the source of the traffic looks pretty bad. Your typical pop-under BS.
My primary concern is, what is happening to these 'visitors' with that second 302 redirect? Why is my server doing a 302?
The only thing in the code that would result in a 302 redirect from the homepage would be if the visitor has cookies disabled. But in that case, I would see a whole series of requests before the browser timed out due to the 'this site is redirecting in a way that will never complete' issue. (Basically, if I don't see they have a site cookie, they get redirected to 'refresh' the session which then lets me see the cookie.)
Regardless, it's unlikely that all 300+ visitors who came in like this would have cookies disabled.
Are there any outside influences that could cause my server to do a redirect? Is there anyway to configure apache logging to include the location that the 302 points to?
I don't have any conjectures why you're getting the second 302, but I can help you with the logging.
You can try a
%{Location}o
format string in a LogFormat to log the value of the Location response header.You might want to use "%>s" instead of "%s" to get the final status, or use both. If you can set a REDIRECT environment variable when you generate the 302 response, you can limit the entries in redirect log to only redirected responses by appending "env=REDIRECT" to the CustomLog directive.
Are any the redirected visitors using big name browsers?