Forum Discussion

Sakha_356640's avatar
Sakha_356640
Icon for Nimbostratus rankNimbostratus
Mar 23, 2018

Limit access to VIP or VS only from browser

I have big-ip at office, how to create irule for limit access VIP only from browser ? Thanks..

 

BIG-IP
iRules
security

2 Replies

Sort By
  • Sakha_356640's avatar
    Sakha_356640
    Icon for Nimbostratus rankNimbostratus
    Mar 24, 2018

    Anyone can help me, create irule for restrict access to VIP only from browser. Not for command line or query from cmd or tools.

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Mar 24, 2018

    you can try to detect user-agent

     

    when HTTP_REQUEST {
  switch -glob -- [string tolower [HTTP::header "User-Agent"]] {
    "*microsoft office *ios*" -
    "*onedriveiosapp*" -
    "onedrive/*darwin*" {
      Mobile Office Apps
      HTTP::respond 403 -version "1.1" content {Access Denied.} noserver "Content-Type" "text/html" 
      return
    }
    "*microsoft office onedrive*" -
    "*microsoft onedrive*" -
    "*microsoft office skydrive*" -
    "*microsoft office syncproc*" -
    "*microsoft office upload center*" -
    "*office protocol discovery*" -
    "*microsoft office*" -
    "*microsoft data access internet publishing provider*" -
    "*non-browser*" -
    "msoffice 12*" -
    "*microsoft-webdav-miniredir*" -
    "*ms frontpage*" {
      Desktop Office Apps
      HTTP::respond 403 -version "1.1" content {Access Denied.} noserver "Content-Type" "text/html" 
      return
    }
    "*mozilla*" -
    "*opera*" {
         Regular web browser detected.  
        
    }
    default { 
        All others
      HTTP::respond 403 -version "1.1" content {Access Denied.} noserver "Content-Type" "text/html" 
      return
    }
  }
}

    But, any command line can change his user-agent header to bypass this code.