Scooter_372595
Sep 21, 2018

Access Control based on URI and Referer

Hi, I have a situation where I need an iRule to control access to a site I control.

The rules I need are:

a) To allow access based on a URI, e.g. https://mysite.com/scooter/scooterspagers/*

or

b) Allow access to the site based on an approved Referer header in the request.

I can do one or the other, but I can't do both together.

Anyone have any ideas?

Thanks

Scooter

  • Hi,

    You can use something like this:

    when HTTP_REQUEST {
        # Reject unless the request is for the allowed path on mysite.com
        # or carries the approved Referer value.
        if { !(([HTTP::host] eq "mysite.com" and [HTTP::path] starts_with "/scooter/scooterspagers/") or ([HTTP::header Referer] eq "something")) } {
            HTTP::respond 403 content "Forbidden" Connection Close
        }
    }

    I think that it will provide you the expected behavior.

    Regards

    Yann

  • You may use something like this iRule to allow access to the site based on an approved Referer header in the request:

    when HTTP_REQUEST {
        # Compare only the host part of the Referer against the approved hosts.
        if { ([HTTP::header exists "Referer"]) and
             ([URI::host [HTTP::header value Referer]] eq "approved-referer1.xxx") } {
            # Allow the request to go through...
        } elseif { ([HTTP::header exists "Referer"]) and
             ([URI::host [HTTP::header value Referer]] eq "approved-referer2.xxx") } {
            # Allow the request to go through...
        } else {
            HTTP::redirect https://www.xxx.com
        }
    }

    I'm using a redirect to some web page if the connection is not from approved referer1 or referer2, but it can be modified to another action. I hope it helps.

  • Thanks for your suggestions. I couldn't get them to work for me, though; however, the below did work as required.

    when HTTP_REQUEST {
        # $static::ref_debug is read here but not set in this snippet;
        # it has to be defined elsewhere (e.g. in RULE_INIT).
        if { not ( [HTTP::uri] contains "/scooter/vespa/" ) } {
            if { $static::ref_debug } { log local0. "Incoming referer: [HTTP::header Referer]" }
            switch -glob [string tolower [HTTP::header Referer]] {
                "https://.scooter.com" {
                    if { $static::ref_debug } { log local0. "From allowed referrer - allow" }
                    return
                }
                "http://.example.com*" {
                    if { $static::ref_debug } { log local0. "local domain - allow" }
                    return
                }
                default {
                    if { $static::ref_debug } { log local0. "from disallowed referer - redirect" }
                    HTTP::redirect [HTTP::header Referer]
                }
            }
        }
    }
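
An added example (not code from any of the posters) that combines both requested rules in one iRule: a request passes if its path starts with the open prefix or if the host part of its Referer exactly matches an allowlist, and anything else gets a fixed 403. The `static::` variable names are assumptions chosen for illustration, and the host names are the placeholders used in the thread. Referer is a client-supplied header, so this filters on stated origin and does not authenticate the client.

```tcl
when RULE_INIT {
    # Assumed names and values for illustration; replace with the real ones.
    set static::open_path_prefix "/scooter/scooterspagers/"
    set static::allowed_referer_hosts {approved-referer1.xxx approved-referer2.xxx}
    set static::ref_debug 0
}

when HTTP_REQUEST {
    # Rule (a): the open URI prefix is reachable without any Referer.
    # HTTP::path excludes the query string and starts_with anchors the
    # match at the beginning, so "/other?next=/scooter/scooterspagers/"
    # does not qualify the way a "contains" test on HTTP::uri would.
    if { [HTTP::path] starts_with $static::open_path_prefix } {
        return
    }

    # Rule (b): take only the host part of the Referer and compare it
    # exactly against the allowlist. A glob over the whole header value
    # would also accept any host that merely begins with an allowed name.
    set ref_host ""
    if { [HTTP::header exists "Referer"] } {
        set ref_host [string tolower [URI::host [HTTP::header value "Referer"]]]
    }
    if { $ref_host ne "" && [lsearch -exact $static::allowed_referer_hosts $ref_host] >= 0 } {
        return
    }

    # Neither rule matched. Answer with a fixed response so that nothing
    # taken from the request decides where the client is sent.
    if { $static::ref_debug } {
        log local0. "Denied [HTTP::host][HTTP::path], referer host: '$ref_host'"
    }
    HTTP::respond 403 content "Forbidden" Connection Close
}
```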