http referer iRule assistence

Question

I have the below iRule. I want to modify it so that if users insert images into the docs via the browser, the connection doesn't break. It breaks because the images are coming from their local systems and not from sharepoint. I haven't been able to think of anything dynamic. I.E., if the user inserts different types of images(jpeg, giff, etc...), videos, etc.&nbsp;
when RULE_INIT {
     user-defined: enable/disable debug (1/0)
    set static::ref_debug 0
}
when HTTP_REQUEST {
     This iRule will check the HTTP referer to make sure the &nbsp;
traffic arriving at the OWA is in-fact coming from Sharepoint.
      if { not ( [HTTP::uri] contains "/favicon" ) } {
        if { $static::ref_debug } { log local0. "Incoming &nbsp;
referer: [HTTP::header Referer]" }
        switch -glob [string tolower [HTTP::header Referer]] {
            "https://sharepoint/*" {
                if { $static::ref_debug } { log local0. "From &nbsp;
allowed referer - allow" }
                return
            } 
            "https://OWA/*" {
                if { $static::ref_debug } { log local0. "local &nbsp;
domain - allow" }
                return
            }
            default {
                if { $static::ref_debug } { log local0. "from &nbsp;
disallowed referer - redirect" }
                HTTP::redirect [HTTP::header Referer]
            }
        }
    }
}&nbsp;

kai_wilke · Answer

Hi Sonny,
you could simply add an additional whitelist for problematic web pages (e.g. upload page)...
when HTTP_REQUEST {

This iRule will check the HTTP referer to make sure the traffic arriving at the OWA is in-fact coming from Sharepoint.

if { not ( [HTTP::uri] contains "/favicon" ) } { 
        if { $static::ref_debug } { log local0. "Incoming referer: [HTTP::header Referer]" } 
        switch -glob [string tolower [HTTP::header Referer]] { 
            "https://sharepoint/*" { 
                if { $static::ref_debug } { log local0. "From allowed referer - allow" } 
                return 
            } 
            "https://OWA/*" { 
                if { $static::ref_debug } { log local0. "local domain - allow" } 
                return 
            } 
            default {
                if { $static::ref_debug } { log local0. "from disallowed referer - redirect" }
                switch -glob -- [string tolower [HTTP::uri]] {
                    "*upload.aspx*" - \
                    "*attachment.aspx*" - \
                    "*somepage.aspx*" - \
                    "*whitelist.aspx*" {
                        if { $static::ref_debug } { log local0. "Explicitly whitelisted URL - allow" }
                        return
                    } 
                    default {
                        HTTP::redirect [HTTP::header Referer] 
                    }
                }
            } 
        } 
    } 
}

Cheers, Kai

sonny · Answer

Thanks for the suggestion Kai. However, it didn't work. The .aspx pages are accounted for with the "https://sharepoint/" and "https://OWA/", right?&nbsp;

sonny · Answer

If you use _._, it works!&nbsp;
switch -glob -- [string tolower [HTTP::uri]] {
                    "_._" {
                        if { $static::ref_debug } { log local0. "Explicitly whitelisted URL - allow" }
                        return
                    }&nbsp;
Hmm, the "star.star" doesn't show up on DevCentral.&nbsp;

Forum Discussion

http referer iRule assistence

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

iRule assistance for subfolder redirect

Reference iFile inside CSS file - Is it possible?

iRule assistance

iRule assistance

iRule assistance

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS