Joe_Pipitone
Sep 09, 2013
Nimbostratus
Blocking file type by referrer - redirecting afterwards
I found a great script on DevCentral that allows us to prevent people from obtaining PDFs from our sites unless they are referred by one of our domains. The script integrated nicely with some custom data groups.
The issue we are having is that I'm not able to redirect users using HTTP::host to our custom 404 page, which is just located at http://domain.com/404.aspx. The iRule doesn't want to save once I change the static redirect to use [HTTP::host].
Can anyone point me in the right direction? I've used HTTP::host and HTTP::uri on several occasions. The code is here:
when RULE_INIT {
    # 0=disable checking paths
    # 1=check referer if requested URL is in "referer_check_paths" (default allow)
    # 2=check referer if requested URL is NOT in "referer_check_paths" (default deny)
    set ::setting_check_paths 0
    # 0=exact match for path check
    # 1=starts_with match of path check
    set ::setting_path_check_starts_with 0
    # 0=disable filetype checking
    # 1=enable filetype checking
    set ::setting_check_filetypes 1
    # Set appropriate URL to send the user to
    # This is where the error occurs, will not save
    set ::error_url "[HTTP::host]/404.aspx"
    # END OF CONFIGURABLE PARAMETERS
    if { $::setting_path_check_starts_with == 1 } {
        set ::match_with "starts_with"
        return
    }
    set ::match_with "equals"
}
when HTTP_REQUEST {
    set error 0
    if { $error == 0 && $::setting_check_filetypes == 1 &&
         [matchclass [HTTP::path] ends_with referer_check_filetypes] } {
        set error 1
    }
    if { $error == 0 && $::setting_check_paths == 1 &&
         [matchclass [HTTP::path] $::match_with referer_check_paths] } {
        set error 1
    }
    if { $error == 0 && $::setting_check_paths == 2 &&
         ( not [matchclass [HTTP::path] $::match_with referer_check_paths] ) } {
        set error 1
    }
    if { $error == 0 } {
        return
    }
    set refer_host [string tolower [URI::host [HTTP::header Referer]]]
    if { $refer_host ne "" && [matchclass $refer_host contains referer_allowed_hosts] } {
        return
    }
    set info " NOTICE: Entry point bypass detected from host: $refer_host"
    append info " client { [IP::client_addr]:[TCP::client_port] -> [clientside {IP::local_addr}]:[clientside {TCP::local_port}] }"
    append info " ethernet { [string range [LINK::lasthop] 0 16] -> [string range [LINK::nexthop] 0 16] tag [LINK::vlan_id] qos [LINK::qos] }"
    append info " - [HTTP::version] - REDIR [HTTP::is_redirect], Content-Length [HTTP::header Content-Length], Transfer-Encoding [HTTP::header Transfer-Encoding]"
    append info " *TCP MSS([TCP::mss]) BW([TCP::bandwidth]) RTT([TCP::rtt]) OFFSET([TCP::offset])"
    append info " *IP TOS [IP::tos], HOPS [IP::hops], TTL [IP::ttl]"
    append info " *HTTP HOST [HTTP::host], KEEPALIVE [HTTP::is_keepalive], REQ_NUM [HTTP::request_num]"
    log local0. $info
    # Set cache control headers on the redirect to prevent proxies from caching the response.
    HTTP::respond 302 "Location" $::error_url Cache-Control No-Cache Pragma No-Cache
}
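Added example, not part of the original post and not F5's or the poster's code: RULE_INIT fires when the rule is loaded, with no HTTP request in scope, so a per-request value such as [HTTP::host] has to be read inside HTTP_REQUEST and the Location header built there. This reduced sketch keeps only the file-type check and also validates the client-supplied Host header before reflecting it into the redirect. It assumes BIG-IP v10 or later (static:: variables, class match), that the post's referer_allowed_hosts data group lists full host names, and a constructed placeholder fallback host.

```tcl
when RULE_INIT {
    # Only request-independent values belong here.
    set static::error_path "/404.aspx"
    # Constructed placeholder: used when the Host header is not one of ours.
    set static::fallback_host "fallback.example.com"
}
when HTTP_REQUEST {
    # Only the protected file types need a Referer check.
    if { not [class match [string tolower [HTTP::path]] ends_with referer_check_filetypes] } {
        return
    }
    set refer_host [string tolower [URI::host [HTTP::header Referer]]]
    # "equals" rather than "contains": with "contains", any host name that
    # merely includes an allowed entry as a substring would pass the check.
    # Assumption: the data group holds full host names (www.domain.com, ...).
    if { $refer_host ne "" && [class match $refer_host equals referer_allowed_hosts] } {
        return
    }
    # The Host header is client-controlled. Strip any port and reflect it
    # into the Location header only if it is a host name we serve.
    set req_host [string tolower [getfield [HTTP::host] ":" 1]]
    if { not [class match $req_host equals referer_allowed_hosts] } {
        set req_host $static::fallback_host
    }
    log local0.notice "Referer check failed: referer host '$refer_host', client [IP::client_addr], path [HTTP::path]"
    # Built per request, so each site redirects to its own 404 page.
    HTTP::respond 302 Location "http://$req_host${static::error_path}" Cache-Control No-Cache Pragma No-Cache
}
```

The Referer header is set by the client, so this check deters casual hotlinking but is not access control for the PDFs.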