Limit access to VIP or VS only from browser

Cumulonimbus

Mar 24, 2018

you can try to detect user-agent

when HTTP_REQUEST {
  switch -glob -- [string tolower [HTTP::header "User-Agent"]] {
    "*microsoft office *ios*" -
    "*onedriveiosapp*" -
    "onedrive/*darwin*" {
      Mobile Office Apps
      HTTP::respond 403 -version "1.1" content {Access Denied.} noserver "Content-Type" "text/html" 
      return
    }
    "*microsoft office onedrive*" -
    "*microsoft onedrive*" -
    "*microsoft office skydrive*" -
    "*microsoft office syncproc*" -
    "*microsoft office upload center*" -
    "*office protocol discovery*" -
    "*microsoft office*" -
    "*microsoft data access internet publishing provider*" -
    "*non-browser*" -
    "msoffice 12*" -
    "*microsoft-webdav-miniredir*" -
    "*ms frontpage*" {
      Desktop Office Apps
      HTTP::respond 403 -version "1.1" content {Access Denied.} noserver "Content-Type" "text/html" 
      return
    }
    "*mozilla*" -
    "*opera*" {
         Regular web browser detected.  
        
    }
    default { 
        All others
      HTTP::respond 403 -version "1.1" content {Access Denied.} noserver "Content-Type" "text/html" 
      return
    }
  }
}

But, any command line can change his user-agent header to bypass this code.

Forum Discussion

Limit access to VIP or VS only from browser

Recent Discussions

BWC iRule

Citrix XenServer Big-IP Upgrade help

iRule condition - request contains more than 10000 parameters

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

How to limit some snmp mib access

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Ending an APM session when browser tab is closed

Rate Limiting based on ACCESS TOKEN (OAuth 2.0)

Introduction to F5 Distributed Cloud Console Rate Limiting Feature