Forum Discussion
Joe_Pipitone
Nimbostratus
NimbostratusiRule - conflicting with IE
I have the following iRule which inserts headers for HSTS, checks 2 data group lists for "referer_check_filetypes" and "referer_allowed_hosts" - those are simply our websites and PDF file types which...
Michael_Jenkins
Cirrostratus
CirrostratusCould you add a little more logging to the iRule to grab the path, referer and then in each of the flows just to track how the request is being handled? That may give a better picture of what's going on.
when RULE_INIT {
set static::expires [clock scan 20110926]
}
when HTTP_RESPONSE {
HTTP::header insert "Strict-Transport-Security" "max-age=15552000; includeSubDomains"
}
when HTTP_REQUEST {
set refer_host [string tolower [URI::host [HTTP::header Referer]]]
log local0. ""
log local0. "Path: '[HTTP::path'"
log local0. " Referer Host: '$refer_host'"
log local0. " EndsWith referer_check_filetypes: [class match [HTTP::path] ends_with referer_check_filetypes]"
log local0. " Contains referer_allowed_hosts: [class match $refer_host contains referer_allowed_hosts]"
if { ( [class match [HTTP::path] ends_with referer_check_filetypes] ) and
( not [class match $refer_host contains referer_allowed_hosts] ) } {
log local0. "[IP::client_addr]:[TCP::client_port]: hotlink detected from Referer: $refer_host for [HTTP::host][HTTP::uri]"
log local0. " Redirect user to home page (http://[HTTP::host])"
HTTP::respond 302 "Location" "http://[HTTP::host]" Cache-Control No-Cache Pragma No-Cache
return
}
if {([string tolower [HTTP::host]] starts_with "www.")} {
log local0. " Host contains WWW. Redirect to 'https://[string range [HTTP::host] 4 end][HTTP::uri]'"
HTTP::redirect "https://[string range [HTTP::host] 4 end][HTTP::uri]"
return
} elseif { [TCP::local_port] == 80 } {
log local0. " Local port is 80. Redirect to HTTPS (https://[HTTP::host][HTTP::uri])"
HTTP::redirect https://[HTTP::host][HTTP::uri]
return
}
}