Irule help to block HTTP request if the HTTP Referer header value is null or with wrong domain

Question

Hello Team,I'm in need of an Irule  to block HTTP request if the HTTP Referer header value is null or with wrong domain address.&nbsp;Could you please help with an irule for this request?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;when HTTP_REQUEST {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;set referer [string tolower [HTTP::header value "Referer"]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if {($referer != "") &amp;&amp; !($referer starts_with "*.abc.com")} {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;log local0.info "Rejecting request to [HTTP::uri] with Referer $referer"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;reject&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}&nbsp;&nbsp;&nbsp;}I have also tried the below irule and this also not worked. &nbsp;Class allowed_referers {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;*.abc.com&nbsp;}&nbsp;when HTTP_REQUEST {&nbsp;&nbsp;set referer [string tolower [HTTP::header value "Referer"]]&nbsp;&nbsp;if { ( [matchclass [HTTP::header value "Referer"] $referer contains allowed_referers ] ) } &nbsp;&nbsp;&nbsp;{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;allow&nbsp;&nbsp;}}&nbsp;Regards,Thiyagu

enes_afsin_al · Answer

Hi Thiyagu,* character is not wildcard in here.Can you try that?if {($referer ne "") &amp;&amp; !($referer contains ".abc.com")}

thiyagu · Answer

Hello aaa,I have tried the below irule and it is not working. As far I know the the flow logic is correct and for some reason this irule is not working. &nbsp;Could you please correct me if I' missing something here?&nbsp;when HTTP_REQUEST {&nbsp;&nbsp;set referer [string tolower [HTTP::header value "Referer"]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if {($referer ne "") &amp;&amp; !($referer contains ".abc.com")}&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;HTTP::respond 400 content "Bad Request" "Content-Type" "text/html"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}&nbsp;&nbsp;}&nbsp;Regards,Thiyagu

enes_afsin_al · Answer

Hi Tiyagu,Can you test this and investigate logs?when HTTP_REQUEST {
	log local0. "referer status: [HTTP::header exists Referer] | clientip: [IP::client_addr] | uri: [HTTP::uri]"
	if { [HTTP::header exists "Referer"] and not ([HTTP::header value "Referer"] contains ".abc.com") } {
		log local0. "referer header found | uri: [HTTP::uri]"
		HTTP::respond 400 content "Bad Request" Content-Type "text/html"
	}
}

thiyagu · Answer

Thanks a lot eaa.As a plan B I have also worked on the below iRULE. Could you please correct me if I' missing something ?&nbsp;------------------------------------------------when HTTP_REQUEST {&nbsp;switch -glob [HTTP::header "Referer"] {&nbsp;&nbsp;&nbsp;"*.abc.com/*" {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;# Allow Request to go through...&nbsp;&nbsp;&nbsp;}&nbsp;&nbsp;&nbsp;"" {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;HTTP::respond 400 content "Bad Request" Content-Type "text/html"&nbsp;&nbsp;&nbsp;}&nbsp;&nbsp;&nbsp;default {&nbsp;&nbsp;&nbsp;&nbsp;HTTP::respond 400 content "Bad Request" Content-Type "text/html"&nbsp;&nbsp;&nbsp;}&nbsp;}}------------------------------------------------------------&nbsp;Thanks a lot in advance&nbsp;Regards,Thiyagu

Forum Discussion

Irule help to block HTTP request if the HTTP Referer header value is null or with wrong domain

Recent Discussions

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

Related Content

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

F5 Distributed Cloud Customer Edge on F5 rSeries – Reference Architecture

Cloud Docs - F5OS Technical Reference Materials

Customer Edge Site High Availability for Application Delivery - Reference Architecture

Bot Signature based on the referer header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS