Allowing Content Based on the Referer HTTP Header

book

Article ID: 166562

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The purpose of this article is to mend situations where a specific site is allowed but it refers to some externally-sourced content that is being blocked by policy, causing the website to display poorly or not display altogether.

Resolution

In order to allow traffic to those sites, we need to apply policy based on the "Referer" HTTP header. This header contains the URL of the site that initiated the request. We can find out the Referer of a specific request by using the Developer Tools in any browser.

Note: For HTTPS sites, SSL Interception must be enabled on each the request URLs in order for the ProxySG to be able to see the Referer HTTP header.

In this example, we will allow all traffic that contains "example.com" within the Referer request header:

  • Log in to the Management Console
  • Go to the Visual Policy Manager
  • Go to a Web Access Layer and create a new rule
  • Right-click the Source field in this rule, click Set > New > Request Header.
  • Name the object as desired.
  • From the Header Name drop-down menu, choose Referer
  • In the Header Regex field enter example.com and click OK.
  • Right-click the Action in this rule and set to Allow.
  • Click Install Policy.

Users should now be able to view all externally-sourced content that example.com is referencing. If this is not the case, further investigation of the Referer headers may be required by using the Developer Tools and adding extra Referer sites as needed.