IRule and Datagroup to allow the HTTP Referer with only specific values

Hi  ,

I see 3 things here,

1. Not all requests would have the referer header, so you have to define your logic properly, which I see you covered with 1st If logic.
2. You are using matchclass which I think were used on version 10.x series. Its deprecated. You have to start using class match options in your IRule. Its not that matchclass would not work, but just saying to follow the best practices.
3. Datagroups are key/value pairs. You have to lookup for the key (which is the record), not the other way around. Because when I see your datagroup, I see you have put the URL's in values and records as ABC, XYZ. Hope you are not confused that lookups are done on values as well. Also the validations are all case-sensitives.

So when the Irule executes, as per your logic, it will collect the referer, lets say referer_host is set with abc.com. Then this is checked against your datagroup, but all your records are in upper case (ABC, XYZ). So nothing will match even with contains. Its a good practice to always perform string to lower, but all host values are often on lower string, so you have to change your datagroup to lowercase.

Hope this helps. Keep us posted.