Had a recent issue with requests from our front end interface being blocked & surfacing as 403 errors directly to the user in an error message within the web application.
This was weird because we were not seeing corresponding 403s coming from our backend application and couldn’t find anything that would generate a 403.
We were able to get an HAR file from the user that made it look like the 403 was actually coming from the backend – at least, in the HAR file, the endpoint that was being called, /user/me
, showed up as responding with a 403 error.
After looking at the requests in more detail, we found the following response header was also (apparently) being returned by the server:
{
"name": "IF7-Status",
"value": "blocked"
},
We’d never seen this header before – it wasn’t present in our code base, including any of our dependencies. Websearch for “IF7-Status” revealed no relevant results.
So we started to wonder if it might be getting injected by some other software on the user’s computer. And of course, that’s exactly what it was – the user has some Internet filtering software installed on their PC called Streamline3 which for whatever reason had something matching this endpoint in their blocklist.
This post exists purely to put the term “IF7-Status” on the Internet in case anyone else runs into this issue.