Forum Discussion
nathe (Cirrocumulus)
Aug 20, 2012
Block Direct Access to website
Afternoon,
I could do with a bit of guidance please.
I have a front end webserver, load-balanced on LTM, and a link on this webserver to another external facing webserver, also load-balanced.
What I'd like to do is block direct access to the second webserver so it's only accessible to those people who have clicked the link on the first webserver, rather than allowing direct access to it.
After looking at the iRules 101 Security post I've come up with this iRule using the Referer. Is this the best and cleanest way of achieving what I'm after?
Thanks
N
    when HTTP_REQUEST {
        switch -glob [HTTP::header "Referer"] {
            "*www.mywebsite.com/*" -
            "*www.contentwebsite.com/*" {
                # Allow Request to go through...
            }
            "" {
                # No Referer header: answer with an empty page
                HTTP::respond 200 content ""
                log local0 "Blank Referer from IP: [IP::client_addr]"
            }
            default {
                # Any other Referer: send the client back to it
                HTTP::redirect [HTTP::header "Referer"]
                log local0 "Blocked Referer: [HTTP::header value Referer] from IP: [IP::client_addr]"
            }
        }
    }
- nitass (Employee): I think the Referer header may be available only on the page which is linked from the front-end web server, i.e. not every page or component in the page of the 2nd web server. So, should it be checked on a specific URL only?
- nathe (Cirrocumulus): Thanks for the reply nitass,
- hoolio (Cirrostratus): The Referer header will start with a protocol like http:// or https://. You could try something like this to be more specific:

    when HTTP_REQUEST {
        # Compare only the lower-cased host part of the Referer
        switch -glob [string tolower [URI::host [HTTP::header "Referer"]]] {
            "www.mywebsite.com" -
            "www.contentwebsite.com" {
                # Allow Request to go through...
            }
            "" {
                HTTP::respond 200 content ""
                log local0 "Blank Referer from IP: [IP::client_addr]"
            }
            default {
                HTTP::redirect [HTTP::header "Referer"]
                log local0 "Blocked Referer: [HTTP::header value Referer] from IP: [IP::client_addr]"
            }
        }
    }
- nathe (Cirrocumulus): Hoolio,
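
Added example (not part of the thread and not F5 code): hoolio's suggestion, in plain Tcl for tclsh, comparing the original substring glob with an exact match on the Referer host over constructed Referer values. `referer_host` is a hypothetical stand-in for the iRules `URI::host` command, and `other.example` is a made-up hostname.

```tcl
# Added example: plain Tcl for tclsh, not an iRule and not code from the thread.
# Hostnames come from the thread; other.example and every Referer below are constructed.

# Original approach: `switch -glob` applies string match to the whole Referer value.
proc allowed_by_glob {referer} {
    foreach pattern {*www.mywebsite.com/* *www.contentwebsite.com/*} {
        if {[string match $pattern $referer]} { return 1 }
    }
    return 0
}

# Hypothetical stand-in for the iRules URI::host command (assumption: it is not
# available outside BIG-IP). Returns the lower-cased host of an http(s) URL,
# or "" when the value is not a plain scheme://host[:port] URL.
proc referer_host {referer} {
    if {[regexp -nocase {^https?://([^/:?#@]+)(:\d+)?([/?#]|$)} $referer -> host]} {
        return [string tolower $host]
    }
    return ""
}

# Suggested approach: exact comparison on the extracted host only.
proc allowed_by_host {referer} {
    set host [referer_host $referer]
    return [expr {$host in {www.mywebsite.com www.contentwebsite.com}}]
}

set samples [list \
    "http://www.mywebsite.com/index.html" \
    "https://WWW.ContentWebsite.com/page" \
    "http://www.mywebsite.com" \
    "http://other.example/www.mywebsite.com/" \
    "http://www.mywebsite.com.other.example/" \
    ""]

puts [format "%-42s %-5s %s" "Referer" "glob" "host"]
foreach referer $samples {
    puts [format "%-42s %-5d %d" $referer \
        [allowed_by_glob $referer] [allowed_by_host $referer]]
}
```

Both checks only decide which Referer values pass; the header is supplied by the client, so neither proves the request followed the link.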