That looks about right, CB, but I think the logic would be if the Referer doesn't contain domain1 or domain2:
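when HTTP_REQUEST {
    # The Referer is a full URL, so each pattern needs a wildcard after the host
    switch -glob [string tolower [HTTP::header Referer]] {
        "*.domain1.com/*" -
        "*.domain2.com/*" {
            # do nothing
        }
        default {
            # Referer is not from domain1 or domain2: check the path against the datagroup
            if { [matchclass [string tolower [HTTP::path]] contains $::restricted_URL_datagroup] } {
                HTTP::respond 404 content ""
            }
        }
    }
}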
And trying to optimize an iRule which does a wildcard (contains) search against a datagroup containing 14k entries on most (or is it just many?) HTTP requests is going to get expensive in terms of resources. The rule you first posted with the if's will prevent the matchclass running for any request which has a valid referer header value.
Aaron
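The ordering discussed in this reply, as an added example in plain Tcl (run with tclsh; it is not an iRule and not code from the thread): the cheap Referer test runs first, and the wildcard scan only runs when that test fails. The proc names, the host-based suffix check and the sample datagroup entries and requests are assumptions constructed for illustration.

```tcl
# Constructed stand-ins for the Referer allow list and the restricted-URL
# datagroup from the thread (the real datagroup has about 14k entries).
set trusted_suffixes {.domain1.com .domain2.com}
set restricted_paths {/private/ /internal/report}
set scans 0   ;# how many times the expensive "contains" scan ran

# Return the lower-cased host of a Referer URL, or "" if it does not parse.
# Any userinfo ("user:pass@") is skipped so it cannot pose as the host.
proc referer_host {referer} {
    if {[regexp -nocase {^https?://(?:[^/?#]*@)?([^/:?#]+)} $referer -> host]} {
        return [string tolower $host]
    }
    return ""
}

# True only when the host itself ends in a trusted suffix, so that
# "www.domain1.com.example.net" is not accepted.
proc trusted_referer {referer} {
    global trusted_suffixes
    set host [referer_host $referer]
    foreach suffix $trusted_suffixes {
        if {$host ne "" && [string match "*$suffix" $host]} { return 1 }
    }
    return 0
}

# Decide one request: Referer test first, datagroup scan only on a miss.
proc decide {referer path} {
    global restricted_paths scans
    if {[trusted_referer $referer]} { return "allow" }
    incr scans
    set path [string tolower $path]
    foreach entry $restricted_paths {
        if {[string first $entry $path] >= 0} { return "404" }
    }
    return "allow"
}

# Constructed requests, as {Referer path} pairs.
foreach {referer path} {
    "http://www.domain1.com/index.html"    "/private/a.pdf"
    "http://www.domain1.com.example.net/"  "/private/a.pdf"
    ""                                     "/public/logo.png"
} {
    puts [format "%-38s %-18s %s" $referer $path [decide $referer $path]]
}
puts "datagroup scans: $scans of 3 requests"
```

The Referer header is supplied by the client, so this gate saves work on ordinary browser traffic but does not stop a client that sends a forged value.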