Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Irule help to block HTTP request if the HTTP Referer header value is null or with wrong domain

Thiyagu
Cirrus
Cirrus

‎15-Dec-2020 06:43

Hello Team,

I'm in need of an Irule to block HTTP request if the HTTP Referer header value is null or with wrong domain address.

 

Could you please help with an irule for this request?

 

 

 

    when HTTP_REQUEST {

       set referer [string tolower [HTTP::header value "Referer"]]

       if {($referer != "") && !($referer starts_with "*.abc.com")} {

           log local0.info "Rejecting request to [HTTP::uri] with Referer $referer"

           reject

       }

   }

I have also tried the below irule and this also not worked.

 

Class allowed_referers {

      *.abc.com

 

}

 

when HTTP_REQUEST {

  set referer [string tolower [HTTP::header value "Referer"]]

  if { ( [matchclass [HTTP::header value "Referer"] $referer contains allowed_referers ] ) }

   {

     allow

  }

}

 

Regards,

Thiyagu

Labels:
0 Kudos
4 REPLIES 4

Enes_Afsin_Al
MVP
MVP

‎15-Dec-2020 11:19 - last edited on ‎04-Jun-2023 21:08 by Fog

Hi Thiyagu,

* character is not wildcard in here.

Can you try that?

if {($referer ne "") && !($referer contains ".abc.com")}
0 Kudos

Thiyagu
Cirrus
Cirrus
In response to Enes_Afsin_Al

‎16-Dec-2020 23:14

Hello aaa,

I have tried the below irule and it is not working. As far I know the the flow logic is correct and for some reason this irule is not working.

 

Could you please correct me if I' missing something here?

 

when HTTP_REQUEST

{

 

 set referer [string tolower [HTTP::header value "Referer"]]

 

     if {($referer ne "") && !($referer contains ".abc.com")}

     {

     HTTP::respond 400 content "Bad Request" "Content-Type" "text/html"

     }

 

 }

 

Regards,

Thiyagu

0 Kudos

Enes_Afsin_Al
MVP
MVP

‎17-Dec-2020 04:14 - last edited on ‎04-Jun-2023 21:08 by Fog

Hi Tiyagu,

Can you test this and investigate logs?

when HTTP_REQUEST {
	log local0. "referer status: [HTTP::header exists Referer] | clientip: [IP::client_addr] | uri: [HTTP::uri]"
	if { [HTTP::header exists "Referer"] and not ([HTTP::header value "Referer"] contains ".abc.com") } {
		log local0. "referer header found | uri: [HTTP::uri]"
		HTTP::respond 400 content "Bad Request" Content-Type "text/html"
	}
}
0 Kudos

Thiyagu
Cirrus
Cirrus
In response to Enes_Afsin_Al

‎17-Dec-2020 06:19

Thanks a lot eaa.

As a plan B I have also worked on the below iRULE. Could you please correct me if I' missing something ?

 

------------------------------------------------

when HTTP_REQUEST {

 switch -glob [HTTP::header "Referer"] {

   "*.abc.com/*" {

     # Allow Request to go through...

   }

   "" {

     HTTP::respond 400 content "Bad Request" Content-Type "text/html"

   }

   default {

    HTTP::respond 400 content "Bad Request" Content-Type "text/html"

   }

 }

}

------------------------------------------------------------

 

Thanks a lot in advance

 

Regards,

Thiyagu

0 Kudos
Copyright © 2023 Khoros, LLC