For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sonny's avatar
Sonny
Icon for Cirrus rankCirrus
Aug 23, 2016

http referer iRule assistence

I have the below iRule. I want to modify it so that if users insert images into the docs via the browser, the connection doesn't break. It breaks because the images are coming from their local system...
application delivery
iRules
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Aug 23, 2016

Hi Sonny,

you could simply add an additional whitelist for problematic web pages (e.g. upload page)...

when HTTP_REQUEST { 

     This iRule will check the HTTP referer to make sure the traffic arriving at the OWA is in-fact coming from Sharepoint. 

    if { not ( [HTTP::uri] contains "/favicon" ) } { 
        if { $static::ref_debug } { log local0. "Incoming referer: [HTTP::header Referer]" } 
        switch -glob [string tolower [HTTP::header Referer]] { 
            "https://sharepoint/*" { 
                if { $static::ref_debug } { log local0. "From allowed referer - allow" } 
                return 
            } 
            "https://OWA/*" { 
                if { $static::ref_debug } { log local0. "local domain - allow" } 
                return 
            } 
            default {
                if { $static::ref_debug } { log local0. "from disallowed referer - redirect" }
                switch -glob -- [string tolower [HTTP::uri]] {
                    "*upload.aspx*" - \
                    "*attachment.aspx*" - \
                    "*somepage.aspx*" - \
                    "*whitelist.aspx*" {
                        if { $static::ref_debug } { log local0. "Explicitly whitelisted URL - allow" }
                        return
                    } 
                    default {
                        HTTP::redirect [HTTP::header Referer] 
                    }
                }
            } 
        } 
    } 
}

Cheers, Kai