Forum Discussion
Need iRule to block outbound links from site
Hello all,
I am an intern tasked with an issue. We have a test environment for our e-commerce site and we want to remove all the outbound links associated with the site. For example, we don't want the user to be able to open the facebook link, or access google maps in the store locator page. We only want to allow access to our company URL. (www.ourcompanyurl.com) Can anyone help point us in the right direction?
My fellow interns and I have tried some combinations of coding that we thought would do the trick, but we've only managed to make the test site unavailable.
Example of coding we've used...
when HTTP_REQUEST {
    if { not ([string tolower [HTTP::host]] starts_with "www.ourcompanyurl.com/") } {
        reject
    }
}
I think we're probably looking for too easy of a solution.
10 Replies
- Kevin_Stewart
Employee
Can you clarify? Is all traffic going through the F5? Even (external) Facebook and Google maps?
- Louie_DeArce_11
Nimbostratus
Hopefully I can clarify. The F5 LTM sits between our link controller (connected to the internet) and our virtual server (which hosts our test website).
So, how I'm thinking it works, we will allow access to the website on our virtual server, but we will not allow traffic back out??
- Kevin_Stewart
Employee
Maybe I'm still not getting it. I'm asking if the users must go through the F5 to get to Internet hosts like Facebook. They do of course have to go to the F5 VIP to get to the test website, but how does traffic route for Internet requests?
- Louie_DeArce_11
Nimbostratus
Joe Consumer sitting at home doesn't need to go through the F5 to reach Facebook from his access point. However, when he sends an HTTP request to our website, he goes through our F5 to get there. Once a session with Joe Consumer is open, I need to stop him from opening external links when navigating our site. (I'm not sure if I'm answering your question or not)
- Kevin_Stewart
Employee
So then are the links coming from inside of your application? Embedded links?
- Louie_DeArce_11
Nimbostratus
Yes, I believe that is correct
- Kevin_Stewart
Employee
You have to look at this more from an HTML/HTTP perspective. An embedded link could manifest in a few different forms. The simplest would be redirects and static page links. I've also seen some crazy apps where client side JavaScript generates the links.
A redirect will be a 30x type message from your site to the user's browser, causing the browser to follow that link. You can see the 30x redirect in the HTTP response headers and rewrite/discard it:
===================
when HTTP_RESPONSE {
    if { ( [HTTP::is_redirect] ) and ( [string tolower [HTTP::header Location]] contains "facebook.com" ) } {
        ...
    }
}
===================
A static link is presented in the HTML payload that the browser renders. Example: Facebook
If the user clicks on that link, it'll navigate directly to it without going back through your VIP. So to prevent this from happening you must catch and replace the offending HTML content as it leaves the BIG-IP. The faster option is a STREAM profile, but getting the match/regex strings right can be challenging. The HTTP::collect and HTTP::payload commands can be more flexible, but present a potential CPU utilization issue as you try to parse all content on every response. I'd personally spend my time developing the STREAM profile idea.
The next question then is, where and how are the links presented (redirects, links in the payload, both?). It's important to understand this. Do you have samples that we can see?
** Hopefully your app isn't generating the links in the browser side JavaScript, as this is significantly more difficult to overcome. Not impossible usually, but more of a challenge.
- Louie_DeArce_11
Nimbostratus
Based on your example, I believe it is a static link that our site uses. Here is where I believe it exists in the HTML payload.
Would this help clarify how to disable these links?
- Louie_DeArce_11
Nimbostratus
Like us on facebook Short, timely messages on twitter Follow us on Pinterest
- Louie_DeArce_11
Nimbostratus
Like us on facebook Short, timely messages on twitter Follow us on Pinterest
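One way to cover both cases from Kevin_Stewart's reply above (30x redirects and static links in the HTML payload) with the STREAM profile approach. This is an added example, not code posted by anyone in the thread; it assumes a Stream profile is attached to the virtual server, that links are written as double-quoted lowercase `href="http..."` attributes, and that `www.ourcompanyurl.com` (the placeholder from the question) is the only allowed host.

```tcl
when HTTP_REQUEST {
    # Keep the stream filter off by default; it is enabled per response below.
    STREAM::disable
    # The stream filter cannot rewrite compressed bodies, so stop the server
    # from compressing by removing the client's offer.
    HTTP::header remove "Accept-Encoding"
}

when HTTP_RESPONSE {
    # Case 1: a 30x redirect whose Location points at another host.
    if { [HTTP::is_redirect] } {
        set loc [HTTP::header Location]
        # Only absolute http(s) URLs are checked; relative redirects stay on our host.
        if { [string tolower $loc] starts_with "http" } {
            if { [string tolower [URI::host $loc]] ne "www.ourcompanyurl.com" } {
                # Send the browser back to the site root instead of off-site.
                HTTP::header replace Location "/"
            }
        }
    }

    # Case 2: static links in HTML. Match every absolute href and decide
    # per match in STREAM_MATCHING whether to keep it.
    if { [string tolower [HTTP::header Content-Type]] starts_with "text/html" } {
        STREAM::expression {@href="https?://[^"]+@@}
        STREAM::enable
    }
}

when STREAM_MATCHING {
    # The match is href="<url> (no closing quote); the URL starts at index 6.
    set url [string range [STREAM::match] 6 end]
    if { [string tolower [URI::host $url]] eq "www.ourcompanyurl.com" } {
        # Allowed host: write the link back unchanged.
        STREAM::replace [STREAM::match]
    } else {
        # Any other host: neutralise the link so it goes nowhere.
        STREAM::replace "href=\"#"
    }
}
```

Links built by client-side JavaScript never appear as `href="http..."` in the response body, so this rule does not touch them.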