Forum Discussion

insomniak_11745's avatar
insomniak_11745
Icon for Nimbostratus rankNimbostratus
Aug 19, 2013

Restrict Access via HTTP referer

I'm attempting to restrict access to an application via HTTP REFERER. Using the example given by the dev team, I'm using something that looks like this: when HTTP_REQUEST { switch -glob [HTTP::...
application delivery
devops
iRules
insomniak_11745's avatar
insomniak_11745
Icon for Nimbostratus rankNimbostratus
Aug 21, 2013

This is becoming very complex to think about. The application that is housed within the Virtual Server in question is Etherpad. The Etherpad Virtual Server IP is being linked to directly from within the user's custom application. Therefore:

 

  • The Etherpad installation is being accessed not directly from the application, but from the end-user's public IP address (otherwise we'd just restrict via internal IP)
  • Traditional session-based restriction will not work because if a user accesses the Etherpad once from withing the custom application, they can then use the same session to access it directly in the future.

The user ALWAYS needs to click the link to the Etherpad installation from WITHIN the custom application.

 

I'm thinking that some sort of shared token "handshake" needs to happen between applications.