For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sathish_2826's avatar
sathish_2826
Icon for Nimbostratus rankNimbostratus
Jan 03, 2020

Security headers irule issue

Hi there, i have been trying to apply an Irule to block requests for a URL when the domain is other than the ones allowed in the below rule,   when HTTP_REQUEST {   switch -glob [HTTP::header "R...
application delivery
BIG-IP
iRules
Yoann_Le_Corvi1's avatar
Yoann_Le_Corvi1
Icon for Cumulonimbus rankCumulonimbus
Jan 03, 2020

Hopefully this does the trick 🙂

when HTTP_REQUEST {
 
set domains { "xxxx.net" "xxxx.com" }
set matched 0
 
foreach header { "Referer" "Origin" "X-Forwarded-Host" } {
log local0. "$header - [HTTP::header $header] : [lsearch -exact $domains [HTTP::header $header]]"
    if { ! ( [lsearch -exact $domains [HTTP::header $header]] equals "-1" ) } {
        incr matched
    }
 
}
 
if { $matched > 0 } {
    pool emx-pool
} else {
    HTTP::respond 200 content "
 
<HTML>
 
<HEAD>
 
<TITLE>Rejected Request</TITLE>
 
</HEAD>
 
<BODY>The request was rejected. <BR>The server is trying to redirect the client to an external site, but it is forbidden</BODY>
 
</HTML>"
 
    
}
 
 
}