nathe
Aug 20, 2012Cirrocumulus
Block Direct Access to website
Afternoon,
I could do with a bit of guidance please.
I have a front end webserver, load-balanced on LTM, and a link on this webserver to another external facing webserver, also load-balanced.
What I'd like to do is block direct access to the second webserver so it's only accessible to those people who have clicked the link on the first webserver, rather than allowing direct access to it.
After looking at the iRules 101 Security post I've come up with this iRule using the Referer, is this the best and cleanest way of achieving what I'm after?
Thanks
N
when HTTP_REQUEST {
switch -glob [HTTP::header "Referer"] {
"*www.mywebsite.com/*"
"*www.contentwebsite.com/*" {
Allow Request to go through...
}
"" {
HTTP::respond 200 content ""
log local0 "Blank Referer from IP: [IP::client_addr]"
}
default {
HTTP::redirect [HTTP::header "Referer"]
log local0 "Blocked Referer: [HTTP::header value Referer] from IP: [IP::client_addr]"
}
}
}