Forum Discussion

Joe_Pipitone's avatar
Joe_Pipitone
Icon for Nimbostratus rankNimbostratus
May 05, 2015

iRule - HTTP::is_redirect failing

We have used this iRule for many years to block PDFs from being accessed directly, unless a user logs in and comes from an allowed domain. After upgrading from 10.2.4 to 11.2.1 and then to 11.6, th...
application delivery
blocking
devops
irule
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
May 06, 2015

the redirection back to the website's home page does not occur - it allows the user to download the PDFs.

does request come with referer header? if it does not exist or null, it will be allowed (to download pdf), won't it?

 if { $refer_host == "" || [matchclass $refer_host contains referer_allowed_hosts] } {
    return
 }

by the way, since you are running 11.6.0, you should replace global variable and matchclass with static global variable and class command.

static

https://devcentral.f5.com/wiki/iRules.static.ashx

class

https://devcentral.f5.com/wiki/iRules.class.ashx
  • Joe_Pipitone's avatar
    Joe_Pipitone
    Icon for Nimbostratus rankNimbostratus
    May 06, 2015
    This used to work in the past, and very well. The request comes with referrer header - basically if a user logs into our website, and the request comes from a list of allowed domains, then they're able to download the PDF. We put this iRule in place to prevent PDF's that were previously indexed on Google from being downloaded directly from Google search results, so the referrer in that case was google.com, which was not on our list of allowed hosts. Thanks for your suggestions - I'll take a look at those articles. If you are able to help me in the meantime, I'd appreciate it.