Forum Discussion
Alfonso_Santia2
Altostratus
AltostratusBlock access to apps by browser. Allow only iPhone or Android accesss
Customer has an application that they want access only through the mobile device app.
They have recently found that the application can be accessed through any browser.
We have configured the following iRule but it is not working:
when HTTP_REQUEST {
if { ([HTTP::header User-Agent] contains "iphone") or ([HTTP::header User-Agent] contains "Android") } {
HTTP::redirect http://www.oursite.com}
if { ([HTTP::header User-Agent] contains "(IE|Mozilla|Safari|Chrome|Opera)") } {
drop
}
}
Any ideas how to achieve this?
Thanks
- Daniel_Wolf
MVP
Hi Alfonso,
this iRule should work. However I strongly discourage the use of it. User-Agent Headers can be forged easily. Anyone who knows how to access Developer Tools in a browser can change his User-Agent string to whatever they want.
when HTTP_REQUEST { if {([string tolower [HTTP::header "User-Agent"]] contains "iphone") || ([string tolower [HTTP::header "User-Agent"]] contains "android") } { return } else { reject } }- Alfonso_Santia2
Hello Daniel,
Thanks for your reply. Will try this out but gave caution to customer as well.
What do you suggest how best to go about this requirement - allow only the access through mobile app (iPhone and Android) ?
- Daniel_Wolf
Without knowing much about the app and the setup (does the customer have APM maybe?) it is difficult to provide a good answer.
Maybe client certificate validation, which can be configured in the client-side SSL profile, could be a better solution?
Nuhu_2007Nimbostratus
