Forum Discussion
@hoolio - Yes, thank you for pointing this out. This is actually an issue with this particular implementation as we are going from https --> http. I'm looking into configuring the application (Etherpad) to use https instead of http.
@Kevin - I understand the concern with spoofing HTTP headers, however this particular implementation is not to address any security concerns. Rather, it's more of a forceful "training" of the end users to use the URL included in the application rather than accessing it directly.
Thank you everyone for your quick help!
- Sadorect_151355, Oct 21, 2016, Nimbostratus
This is exactly what I am trying to achieve with my application too. According to the config below:

    when HTTP_REQUEST {
        switch -glob [HTTP::header "Referer"] {
            "http://click.bank.com/dashboard.php" {
                # Allow Request to go through...
                if { [string tolower [HTTP::uri]] ends_with "/eod" } {
                    pool BankAppPool member 10.10.1.51 8888
                    log local0. "Requested path - admin sent to App1"
                    log local0. "clientIP:[IP::client_addr] accessed [HTTP::host][HTTP::uri]"
                    HTTP::redirect "/forms/frmservlet?config=ref&serveruserparams=NLS_LANG=AMERICAN_AMERICA.AR8MSWIN1256&otherparams=P_WST_LAN_IND=1+P_BANKS_APP_URL=http://10.10.1.51:9001/banks"
                    HTTP::redirect "http://10.10.1.51:9001/forms/frmservlet?config=ref&serveruserparams=NLS_LANG=AMERICAN_AMERICA.AR8MSWIN1256&otherparams=P_WST_LAN_IND=1+P_BANKS_APP_URL=http://10.10.1.51:9001/banks"
                } elseif { [string tolower [HTTP::uri]] ends_with "/" } {
                    log local0. "Requested path - distribute Round robin"
                    HTTP::redirect "http://pam.bank.com:9001/forms/frmservlet?config=ref&serveruserparams=NLS_LANG=AMERICAN_AMERICA.AR8MSWIN1256&otherparams=P_WST_LAN_IND=1+P_BANKS_APP_URL=http://10.10.1.57:9001/banks"
                    log local0. "Requested path - banks"
                }
            }
            "" {
                HTTP::redirect "http://click.bank.com/index.php?resp_id=MLG"
            }
            default {
                HTTP::redirect "http://click.bank.com/index.php?resp_id=MLG" [HTTP::header "Referer"]
            }
        }
    }

The redirect is working very fine as defined but the application accepting the request for valid navigation fails to load. It just hangs indefinitely. It works fine without the referrer-based redirect but, once the referrer check is introduced, it doesn't load. Is there something I'm missing in the iRule definition?
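
The following iRule is an added example, not part of either post and not a confirmed fix: it sketches a Referer gate that compares only the parsed host, handles the empty Referer that results from the https --> http hop mentioned above, and takes a single action per request. The pool name and portal host are taken from the post; gating only the entry paths `/` and `/eod` is an assumption made for illustration.

```tcl
when HTTP_REQUEST {
    # Referer is supplied by the client, so this steers users toward the
    # portal link; it is not an access control.
    set referer  [HTTP::header value "Referer"]
    set ref_host [string tolower [URI::host $referer]]
    set path     [string tolower [HTTP::path]]

    # Assumption: only the entry paths are gated. Requests made after the
    # application has loaded (forms, scripts, images) carry the application's
    # own page as Referer, not the portal's, so they pass straight through.
    if { !($path eq "/" || $path ends_with "/eod") } {
        pool BankAppPool
        return
    }

    if { $ref_host ne "click.bank.com" } {
        # An empty Referer lands here too: typed URL, bookmark, or a browser
        # dropping the header when navigating from https to http.
        log local0. "no portal referer: [IP::client_addr] -> [HTTP::host][HTTP::uri]"
        HTTP::redirect "http://click.bank.com/index.php?resp_id=MLG"
        return
    }

    # One action per request: either select a pool member or redirect.
    # A second HTTP::redirect in the same event raises a Tcl error on BIG-IP.
    if { $path ends_with "/eod" } {
        log local0. "portal referer ok, /eod sent to App1 for [IP::client_addr]"
        pool BankAppPool member 10.10.1.51 8888
    } else {
        log local0. "portal referer ok, load balancing [IP::client_addr]"
        pool BankAppPool
    }
}
```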