https://live.paloaltonetworks.com/t5/general-topics/http-header-referrer/m-p/204165#M60084 <P>Hi,</P><P><BR />is it possible to build a security access rule based on http-header referrer field?</P><P>Someone have do it?<BR /><BR />Regards</P> Wed, 07 Mar 2018 19:33:51 GMT mmcastr 2018-03-07T19:33:51Z https://live.paloaltonetworks.com/t5/general-topics/http-header-referrer/m-p/204165#M60084 <P>Hi,</P><P><BR />is it possible to build a security access rule based on http-header referrer field?</P><P>Someone have do it?<BR /><BR />Regards</P> Wed, 07 Mar 2018 19:33:51 GMT https://live.paloaltonetworks.com/t5/general-topics/http-header-referrer/m-p/204165#M60084 mmcastr 2018-03-07T19:33:51Z https://live.paloaltonetworks.com/t5/general-topics/http-header-referrer/m-p/204216#M60093 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/65177">@mmcastr</a>,</P><P>Kinda. The only way I can think of to actually acomplish this would be to build a custom application based on HTTP-Headers. If you do a pattern match you shouldn't have an issue pulling the referrer information. Then you can allow/block this application through your security policies.&nbsp;</P> Wed, 07 Mar 2018 22:02:36 GMT https://live.paloaltonetworks.com/t5/general-topics/http-header-referrer/m-p/204216#M60093 BPry 2018-03-07T22:02:36Z https://live.paloaltonetworks.com/t5/general-topics/http-header-referrer/m-p/204546#M60156 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a><BR /><BR />We have a scenario where Internet access is blocked by default for most of users and the access is allowed by a custom URL object that have a list of URL or FQDN.</P><P><BR />I found a traffic related to one of the allowed FQDN that uses http referrer but is denied because the FQDN inside the URI is not inside the white list but it has into the http referrer the allowed FQDN.</P><P>&nbsp;</P><P>Based on it I'm trying to allow this traffic based in this http field.</P><P>&nbsp;</P><P>I didn't find the http referrer attribute inside the available options to http protocol when I was building the custom app.</P><P><BR />As we don't have a testing environment to homologate this custom app I'd like to ask you if I'm in the right way to match this kind of traffic and allowed.</P><P>&nbsp;</P><P>Below I put the options I worked to build the custom app.</P><P>&nbsp;</P><P>Application / Signatures<BR />&nbsp; Signatures Name: http-scup<BR />&nbsp; &nbsp; &nbsp;Scope: Transaction<BR />&nbsp; &nbsp; &nbsp; &nbsp;Operator: Pattern Match<BR />&nbsp; &nbsp; &nbsp; &nbsp;Context: http-req-params<BR />&nbsp; &nbsp; &nbsp; &nbsp;Pattern: <A href="http://www.domain.com" target="_blank">www.domain.com</A><BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Qualifier: http-method GET<BR /><BR />Thanks for your time.</P> Fri, 09 Mar 2018 13:27:56 GMT https://live.paloaltonetworks.com/t5/general-topics/http-header-referrer/m-p/204546#M60156 mmcastr 2018-03-09T13:27:56Z https://live.paloaltonetworks.com/t5/general-topics/http-header-referrer/m-p/1232576#M124657 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/65177">@mmcastr</a>,</P> <P>&nbsp;</P> <DIV class="QcsUad BDJ8fb sMVRZe hCXDsb wneUed"> <DIV class="usGWQd"> <DIV class="KkbLmb"> <DIV class="lRu31" dir="ltr">I'm in the same situation.</DIV> </DIV> </DIV> </DIV> <P><SPAN>Did you solve it?</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks</SPAN></P> <DIV id="messageEditor_65301610449b37_0" class="MessageEditor"><A id="previewButton_65301610449b37_64783" class="lia-link-navigation lia-message-editor-preview-button" href="https://live.paloaltonetworks.com/t5/general-topics/http-header-referrer/td-p/204165#" target="_blank">Preview</A></DIV> Wed, 25 Jun 2025 12:22:16 GMT https://live.paloaltonetworks.com/t5/general-topics/http-header-referrer/m-p/1232576#M124657 SoporteFABA 2025-06-25T12:22:16Z