For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mtobkes_108891's avatar
mtobkes_108891
Icon for Nimbostratus rankNimbostratus
Apr 13, 2011

Error with or operator

Hi,     I'm having issues with this iRule when trying to match multiple strings using the or operator. Oddly enough I don't get the error in line 2 but I do in line 4. Can you please tell me h...
application delivery
dev
devops
iRules
mtobkes_64700's avatar
mtobkes_64700
Icon for Nimbostratus rankNimbostratus
Apr 20, 2011

Thanks all!

 

 

Here is my updated iRule:

 

 

when HTTP_REQUEST {

 

set uri [string tolower [HTTP::uri]]

 

if { ($uri contains "font") && ($uri ends_with ".eot" || $uri ends_with ".ttf" || $uri ends_with ".svg" || $uri ends_with ".woff") } {

 

log local0. "uri matches font and allowed extensions"

 

set headerstr [string tolower [HTTP::header "Referer"]]

 

if { $headerstr contains ".abc.com" || $headerstr contains ".xyz.com" || $headerstr contains ""} {

 

set referer { [HTTP::header "Referer"] }

 

log local0. "referer variable set to $referer"

 

set origin { [HTTP::header "Origin"] }

 

log local0. "origin variable set to $origin"

 

} else { HTTP::respond 403 content "403 - Forbidden"

 

log local0. "403 sent to client"

 

}

 

}

 

}

 

when HTTP_RESPONSE {

 

if { [$origin exists] } {

 

HTTP::header insert Access-Control-Allow-Origin [$origin]

 

}

 

}

 

 

 

If not the referer, what other option is there since referer is easily spoofed? I am using the origin header in my responses but it is not always present in requests.

 

 

 

Thanks again for all your help!

 

 

 

Myles