cancel
Showing results for 
Search instead for 
Did you mean: 

Blocking an URI wildcard to a specific Hostname and using an header

FaresB
Nimbostratus
Nimbostratus

Hi,

 

I'm trying to block wildcard " /* "but I need to allow access to " /pathA/* " and " /pathB/* " from a specific hostname, I need also to block these paths in the "Referer" header.

 

Basically, every access to " /* " should be rejected exept paths containing keyworld "pathA" and "pathB".

 

I have tried this iRULE but it seems to not work:

 

when HTTP_REQUEST {

 if { ([string tolower [HTTP::host]] contains "myhostname.society.com") && (![HTTP::uri] contains "/pathA" || ![HTTP::uri] contains "/pathB")} {

   HTTP::respond 403

 }

   elseif { ((![HTTP::header "Referer"] contains "/pathA") || (![HTTP::header "Referer"] contains "/pathB")) }

   {

 HTTP::respond 403

}

}

 

Can you help me ?

 

regards

2 REPLIES 2

cjunior
Nacreous
Nacreous

Hello,

According to my understanding, could be this:

when HTTP_REQUEST { if { [string tolower [HTTP::host]] contains "myhostname.society.com" && !( [HTTP::uri] contains "/pathA" || [HTTP::uri] contains "/pathB" || [HTTP::header Referer] contains "/pathA" || [HTTP::header Referer] contains "/pathB" ) } { HTTP::respond 403 } }

as well this one:

when HTTP_REQUEST { if { [string tolower [HTTP::host]] contains "myhostname.society.com" } { switch -glob [HTTP::path][HTTP::header Referer] { "*/pathA*" - "*/pathB*" { } default { HTTP::respond 403 } } } }

I hope it helps.

 

FaresB
Nimbostratus
Nimbostratus

Nevermind, Actually this iRULE seems to be ok !!

 

I used only this one on my VS and everything looks fine ,

the condition    switch -glob [HTTP::path][HTTP::header Referer] is perfect in my case !!

 

Thanks you cjunior !!

Here the solution worked on my case:

 

when HTTP_REQUEST {

   if { [string tolower [HTTP::host]] contains "hostname" } {

       switch -glob [HTTP::path][HTTP::header Referer] {

           "*/pathA*" -

           "*/pathB*" { }

           default { log local0. "condition header et hostname"

           reject }

       }

   }

}