URLs rewritten from MICROSOFT-CORP-MSN-AS-BLOCK

We have a website which cart accepts URL with paremeters from newsletters or online offers. The URL is like the following:

ourwebsite.com/cart/?c=INTEGER&product=INTEGER&coupon=SOMEVOUCHER

Let’s narrow it down to something like.

ourwebsite.com/cart/?c=1&product=3&coupon=AAAAAA

We have detected that when the HTTP requests come from some network block with ISP ID: MICROSOFT-CORP-MSN-AS-BLOCK, which seems to be comming from MS Azure, the coupon parameter is changed to:

ourwebsite.com/cart/?c=1&product=3&coupon=BBBBBB

The coupon code is of the same length as the original, but it obviously makes our cart page return an “Invalid coupon” message resulting in the client leaving the page.

Could anybody shed some light on this awkward behavior?, to say the least.

It turned out to be Safe-Links feature in MS products

In our case this “feature” is selectively rewriting only some parts in our -add to cart- URLs, in a way that messes them up completely.

I won’t judge on the kind of “features” that MS adds to their products, each one should draw his own conclusions.

1 Like