Forum Discussion

Sonny's avatar
Sonny
Icon for Cirrus rankCirrus
Aug 23, 2016

http referer iRule assistence

I have the below iRule. I want to modify it so that if users insert images into the docs via the browser, the connection doesn't break. It breaks because the images are coming from their local systems and not from sharepoint. I haven't been able to think of anything dynamic. I.E., if the user inserts different types of images(jpeg, giff, etc...), videos, etc.

 

when RULE_INIT { user-defined: enable/disable debug (1/0) set static::ref_debug 0 } when HTTP_REQUEST { This iRule will check the HTTP referer to make sure the

 

traffic arriving at the OWA is in-fact coming from Sharepoint. if { not ( [HTTP::uri] contains "/favicon" ) } { if { $static::ref_debug } { log local0. "Incoming

 

referer: [HTTP::header Referer]" } switch -glob [string tolower [HTTP::header Referer]] { "https://sharepoint/*" { if { $static::ref_debug } { log local0. "From

 

allowed referer - allow" } return } "https://OWA/*" { if { $static::ref_debug } { log local0. "local

 

domain - allow" } return } default { if { $static::ref_debug } { log local0. "from

 

disallowed referer - redirect" } HTTP::redirect [HTTP::header Referer] } } } }

 

  • Hi Sonny,

    you could simply add an additional whitelist for problematic web pages (e.g. upload page)...

    when HTTP_REQUEST { 
    
         This iRule will check the HTTP referer to make sure the traffic arriving at the OWA is in-fact coming from Sharepoint. 
    
        if { not ( [HTTP::uri] contains "/favicon" ) } { 
            if { $static::ref_debug } { log local0. "Incoming referer: [HTTP::header Referer]" } 
            switch -glob [string tolower [HTTP::header Referer]] { 
                "https://sharepoint/*" { 
                    if { $static::ref_debug } { log local0. "From allowed referer - allow" } 
                    return 
                } 
                "https://OWA/*" { 
                    if { $static::ref_debug } { log local0. "local domain - allow" } 
                    return 
                } 
                default {
                    if { $static::ref_debug } { log local0. "from disallowed referer - redirect" }
                    switch -glob -- [string tolower [HTTP::uri]] {
                        "*upload.aspx*" - \
                        "*attachment.aspx*" - \
                        "*somepage.aspx*" - \
                        "*whitelist.aspx*" {
                            if { $static::ref_debug } { log local0. "Explicitly whitelisted URL - allow" }
                            return
                        } 
                        default {
                            HTTP::redirect [HTTP::header Referer] 
                        }
                    }
                } 
            } 
        } 
    }
    

    Cheers, Kai

  • Thanks for the suggestion Kai. However, it didn't work. The .aspx pages are accounted for with the "https://sharepoint/" and "https://OWA/", right?

     

  • If you use _._, it works!

     

    switch -glob -- [string tolower [HTTP::uri]] { "_._" { if { $static::ref_debug } { log local0. "Explicitly whitelisted URL - allow" } return }

     

    Hmm, the "star.star" doesn't show up on DevCentral.