I am experiencing an issue with my website hosted on an IIS server. When accessing the site, if the Referer header contains google.com, bing.com, or any other search engine, the site gets redirected to a malicious page. However, if I remove the Referer header, the site loads successfully without any issues.
I suspect this behavior might be related to a vulnerability in the way redirects are handled based on the Referer header. This issue only occurs with search engine referers and seems to be triggered by the presence of these specific referers.
Here are the details of a typical request that causes the redirect:
GET / HTTP/2
Host: example.com
Cookie: _ga_2FK43E86ZM=GS1.1.1721305211.3.1.1721306057.0.0.0; _ga=GA1.2.2000218721.1721294436; _ga_SJ54V8FC8G=GS1.1.1721815198.3.1.1721815922.0.0.0; ASP.NET_SessionId=awofngu4rog3mmb5b4efzjnw; collect_chat_page_load=4; _gid=GA1.2.377104470.1721815201; _gat_UA-203476796-1=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Referer: google.com
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
When the Referer header includes google.com, bing.com, or any other search engine, the site redirects to a malicious page. Removing the Referer header prevents this redirect.
What I have tried:
I need assistance in diagnosing and resolving this issue. Any insights or suggestions would be greatly appreciated.
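One place a Referer-keyed redirect commonly lives on IIS is a URL Rewrite rule in the site's web.config: a rule whose condition inspects {HTTP_REFERER} and whose action redirects to another host. The script below is an added example for checking that, not code from the question or any answer on this page. It assumes the redirect is implemented as a rewrite rule (the question does not confirm where it lives), and the web.config it parses is a constructed sample with a placeholder target host.

```python
# Added example: scan an IIS web.config for URL Rewrite rules that redirect
# based on the Referer header. Assumption: the redirect is a rewrite rule;
# a clean result does not rule out an injected HttpModule, Global.asax code
# or a native ISAPI filter doing the same thing.
import xml.etree.ElementTree as ET

# Substrings that mark a Referer pattern as keyed on search-engine traffic.
SEARCH_ENGINE_HINTS = ("google", "bing", "yahoo", "duckduckgo", "yandex", "baidu")

# Constructed sample web.config (not from the question): one benign
# force-HTTPS rule and one rule that sends search-engine visitors off-site
# to a placeholder host.
SAMPLE_WEB_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Force HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
        <rule name="Update" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTP_REFERER}" pattern="(google|bing|yahoo|duckduckgo)\\." />
          </conditions>
          <action type="Redirect" url="http://attacker-placeholder.example/landing" redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
"""


def find_referer_rules(web_config_xml):
    """Return every rewrite rule whose conditions inspect {HTTP_REFERER}."""
    root = ET.fromstring(web_config_xml)
    findings = []
    for rule in root.iter("rule"):
        # Condition entries are <add input="..." pattern="..."/> under <conditions>.
        patterns = [
            cond.get("pattern", "")
            for cond in rule.iter("add")
            if cond.get("input", "").upper() == "{HTTP_REFERER}"
        ]
        if not patterns:
            continue
        action = rule.find("action")
        action_type = action.get("type", "") if action is not None else ""
        target = action.get("url", "") if action is not None else ""
        findings.append({
            "rule": rule.get("name", "<unnamed>"),
            "referer_patterns": patterns,
            "action": action_type,
            "target": target,
            # Pattern names a search engine, as in the question.
            "search_engine_keyed": any(
                hint in p.lower() for p in patterns for hint in SEARCH_ENGINE_HINTS
            ),
            # Absolute URL to some other host, rather than a path on this site.
            "external_target": (
                target.lower().startswith(("http://", "https://", "//"))
                and "{HTTP_HOST}" not in target
            ),
        })
    return findings


def suspicious_rules(web_config_xml):
    """Rules that redirect search-engine referrals off-site."""
    return [
        f for f in find_referer_rules(web_config_xml)
        if f["action"].lower() == "redirect"
        and f["search_engine_keyed"]
        and f["external_target"]
    ]


if __name__ == "__main__":
    for finding in suspicious_rules(SAMPLE_WEB_CONFIG):
        print(f"rule {finding['rule']!r}: Referer {finding['referer_patterns']} "
              f"-> {finding['action']} {finding['target']}")
```

Run it against the site's web.config and any parent config that also defines rewrite rules (applicationHost.config, or a web.config in a parent directory), and compare against the copy in source control; a rule that is present on the server but not in the repository is the first thing to look at. Because the question's redirect fires only when Referer is present, a rule with a {HTTP_REFERER} condition matches that symptom exactly, but an empty result from this check only moves the search into the application code itself.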