FaresB
Apr 22, 2020

Blocking a URI wildcard to a specific hostname and using a header

Hi,

I'm trying to block the wildcard "/*", but I need to allow access to "/pathA/*" and "/pathB/*" from a specific hostname. I also need to block these paths in the "Referer" header.

Basically, every access to "/*" should be rejected except paths containing the keyword "pathA" and "pathB".

I have tried this iRule, but it does not seem to work:

when HTTP_REQUEST {
    if { ([string tolower [HTTP::host]] contains "myhostname.society.com") && (![HTTP::uri] contains "/pathA" || ![HTTP::uri] contains "/pathB")} {
        HTTP::respond 403
    }
    elseif { ((![HTTP::header "Referer"] contains "/pathA") || (![HTTP::header "Referer"] contains "/pathB")) }
    {
        HTTP::respond 403
    }
}

 

Can you help me?

Regards

2 Replies

  • Hello,

    According to my understanding, it could be this:

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] contains "myhostname.society.com" && !( [HTTP::uri] contains "/pathA" || [HTTP::uri] contains "/pathB" || [HTTP::header Referer] contains "/pathA" || [HTTP::header Referer] contains "/pathB" ) } {
            HTTP::respond 403
        }
    }

    As well as this one:

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] contains "myhostname.society.com" } {
            switch -glob [HTTP::path][HTTP::header Referer] {
                "*/pathA*" -
                "*/pathB*" { }
                default { HTTP::respond 403 }
            }
        }
    }

    I hope it helps.

  • FaresB

    Never mind, actually this iRule seems to be OK!!

    I used only this one on my VS and everything looks fine;

    the condition switch -glob [HTTP::path][HTTP::header Referer] is perfect in my case!!

    Thank you, cjunior!!

    Here is the solution that worked in my case:

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] contains "hostname" } {
            switch -glob [HTTP::path][HTTP::header Referer] {
                "*/pathA*" -
                "*/pathB*" { }
                default {
                    log local0. "condition header et hostname"
                    reject
                }
            }
        }
    }
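
Added example (not part of the thread, and not the posters' code): a plain Tcl script for tclsh, not an iRule, that evaluates the glob test from the accepted rule over constructed requests, next to a hypothetical path-only variant with anchored patterns. The proc names and the sample requests are assumptions made for the illustration.

```tcl
# Plain Tcl model of the matching logic; run with tclsh (8.5 or later).
# allowed_concat   mirrors: switch -glob [HTTP::path][HTTP::header Referer]
# allowed_anchored is a hypothetical variant that tests the path only.

proc allowed_concat {path referer} {
    # The rule in the thread matches against path and Referer joined together.
    set subject "$path$referer"
    switch -glob -- $subject {
        "*/pathA*" -
        "*/pathB*" { return 1 }
        default    { return 0 }
    }
}

proc allowed_anchored {path} {
    # Anchored at the start of the path and closed with "/", so only
    # /pathA/... and /pathB/... match, whatever the Referer contains.
    switch -glob -- $path {
        "/pathA/*" -
        "/pathB/*" { return 1 }
        default    { return 0 }
    }
}

# Constructed sample requests, each written as {path referer}.
set samples {
    {/pathA/index.html    {}}
    {/pathB/img/logo.png  https://myhostname.society.com/pathA/index.html}
    {/other/page          {}}
    {/other/page          https://myhostname.society.com/pathA/index.html}
    {/x/pathA-old/file    {}}
}

# Print one row per request: 1 = request passes, 0 = request is refused.
puts [format "%-20s %-48s %-7s %s" path referer concat anchored]
foreach s $samples {
    lassign $s path referer
    puts [format "%-20s %-48s %-7s %s" $path $referer \
        [allowed_concat $path $referer] [allowed_anchored $path]]
}
```

Because the subject string is the path and the Referer value joined together, a match can come from either part, and the Referer value is whatever the client sends. The anchored variant shows the decision when only the path is considered.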