HTTP Header Referrer
cancel
Showing results for 
Search instead for 
Did you mean: 

HTTP Header Referrer

L1 Bithead

Hi,


is it possible to build a security access rule based on http-header referrer field?

Someone have do it?

Regards

2 REPLIES 2

Cyber Elite
Cyber Elite

@mmcastr,

Kinda. The only way I can think of to actually acomplish this would be to build a custom application based on HTTP-Headers. If you do a pattern match you shouldn't have an issue pulling the referrer information. Then you can allow/block this application through your security policies. 

Hi @BPry

We have a scenario where Internet access is blocked by default for most of users and the access is allowed by a custom URL object that have a list of URL or FQDN.


I found a traffic related to one of the allowed FQDN that uses http referrer but is denied because the FQDN inside the URI is not inside the white list but it has into the http referrer the allowed FQDN.

 

Based on it I'm trying to allow this traffic based in this http field.

 

I didn't find the http referrer attribute inside the available options to http protocol when I was building the custom app.


As we don't have a testing environment to homologate this custom app I'd like to ask you if I'm in the right way to match this kind of traffic and allowed.

 

Below I put the options I worked to build the custom app.

 

Application / Signatures
  Signatures Name: http-scup
     Scope: Transaction
       Operator: Pattern Match
       Context: http-req-params
       Pattern: www.domain.com
         Qualifier: http-method GET

Thanks for your time.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!