iRule - conflicting with IE
I have the following iRule which inserts headers for HSTS, checks 2 data group lists for "referer_check_filetypes" and "referer_allowed_hosts" - those are simply our websites and PDF file types which essentially allow the browser to download a PDF once a user is logged in, as long as they come from a website on the allowed hosts data group list. This iRule also forces SSL traffic.
The issue we are experiencing is - when a user visits a page, they login, and a download is supposed to immediately happen. With this code, in Internet Explorer ONLY, a new tab opens up and the website's homepage is displayed. On the previous tab, the user is allowed to download the PDF.
If I remove the referrer and file type checks within HTTP_REQUEST, everything works as designed. What's supposed to happen is - a new tab pops up and immediately closes, resulting in the PDF being downloaded.
Without this code, the problem is that it results in people downloading PDFs without being logged in if they come from a search engine such as Google after performing a Google search for PDFs that were indexed on our websites. The expected behavior when a user tries to download a PDF via a Google search, they're redirected back to the homepage of the domain that was requested.
site:ourwebsite.com filetype:pdf
I've tried changing HTTP::respond 302 "Location" to HTTP::redirect, however that results in a "This page could not be displayed"
Any ideas why a tab would pop up, and not disappear, confusing the user because they don't know their download link is on the previous tab?
when RULE_INIT {
set static::expires [clock scan 20110926]
}
when HTTP_RESPONSE {
HTTP::header insert "Strict-Transport-Security" "max-age=15552000; includeSubDomains"
}
when HTTP_REQUEST {
set refer_host [string tolower [URI::host [HTTP::header Referer]]]
if { ( [class match [HTTP::path] ends_with referer_check_filetypes] ) and
( not [class match $refer_host contains referer_allowed_hosts] ) } {
log local0. "[IP::client_addr]:[TCP::client_port]: hotlink detected from Referer: $refer_host for [HTTP::host][HTTP::uri]"
HTTP::respond 302 "Location" "http://[HTTP::host]" Cache-Control No-Cache Pragma No-Cache
}
if {([string tolower [HTTP::host]] starts_with "www.")} {
HTTP::redirect "https://[string range [HTTP::host] 4 end][HTTP::uri]"
return
} elseif { [TCP::local_port] == 80 } {
HTTP::redirect https://[HTTP::host][HTTP::uri]
return
}
}