You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

Question about WAF and how to prevent hotlinking

Summary:

I can't configure WAF Access Control to prevent direct access to files behind a Load Balancer

Content (required):

I've been trying to create a WAF configuration to prevent direct linking to some image files in my site. Actually I've made an Access Control (Request) rule with these conditions:

i_contains(http.request.url.path, '~site/poc/image.jpg') && !i_contains(http.request.headers."Referer", 'https://www.mysite.com')

And i like to the request who matches these conditions to get an "Pre-configured 401 Response Code Action " as response.

But when i use curl to test those rules no matter if i specify the referrer URL or not always got an 401 response.

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!