Question about WAF and how to prevent hotlinking
Summary:
I can't configure WAF Access Control to prevent direct access to files behind a Load Balancer
Content:
I've been trying to create a WAF configuration to prevent direct linking to some image files on my site. Actually, I've made an Access Control (Request) rule with these conditions:
i_contains(http.request.url.path, '~site/poc/image.jpg') && !i_contains(http.request.headers."Referer", 'https://www.mysite.com')
And I would like requests that match these conditions to get a "Pre-configured 401 Response Code Action" as the response.
But when I use curl to test those rules, no matter whether I specify the referrer URL or not, I always get a 401 response.
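Added example, not part of the original post and not the WAF's own rule engine: a small Python model of what the posted condition is meant to do, evaluated over constructed requests, next to a variant that compares the parsed Referer origin exactly. It assumes `i_contains` is a case-insensitive substring test and that a missing header reads as an empty string; all function names are hypothetical.

```python
from urllib.parse import urlsplit

PROTECTED_PATH = "~site/poc/image.jpg"      # path fragment from the post
ALLOWED_REFERER = "https://www.mysite.com"  # referer value from the post

def get_header(headers, name):
    """Case-insensitive header lookup; '' when absent (assumption)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""

def rule_as_posted(path, headers):
    """Intended meaning of the posted condition. True = 401 action fires."""
    referer = get_header(headers, "Referer")
    return (PROTECTED_PATH.lower() in path.lower()
            and ALLOWED_REFERER.lower() not in referer.lower())

def rule_strict_origin(path, headers):
    """Variant: require the Referer's scheme and host to match exactly."""
    ref = urlsplit(get_header(headers, "Referer"))
    allowed = urlsplit(ALLOWED_REFERER)
    same_origin = (ref.scheme.lower() == allowed.scheme
                   and (ref.hostname or "") == allowed.hostname)
    return PROTECTED_PATH.lower() in path.lower() and not same_origin

# Constructed sample requests: (label, path, headers)
SAMPLE_REQUESTS = [
    ("own page", "/~site/poc/image.jpg",
     {"Referer": "https://www.mysite.com/gallery.html"}),
    ("no referer", "/~site/poc/image.jpg", {}),
    ("other site", "/~site/poc/image.jpg",
     {"referer": "https://other.example/page"}),
    ("unprotected path", "/index.html", {}),
    ("prefix-only host", "/~site/poc/image.jpg",
     {"Referer": "https://www.mysite.com.other.example/"}),
]

def evaluate():
    """Return {label: (posted_rule_blocks, strict_rule_blocks)}."""
    return {label: (rule_as_posted(p, h), rule_strict_origin(p, h))
            for label, p, h in SAMPLE_REQUESTS}

if __name__ == "__main__":
    for label, (posted, strict) in evaluate().items():
        print(f"{label:18} posted={'401' if posted else 'pass'} "
              f"strict={'401' if strict else 'pass'}")
```

If the deployed rule returns 401 for the "own page" case, the WAF is evaluating the condition differently from this model, which narrows the search to how it reads the path or the Referer header. The last row shows why a substring match on the Referer is weaker than an exact origin comparison.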