This tutorial shows how to manipulate headers based on the HTTP referrer and/or extract only the domain part of the HTTP referrer used to access CDN assets.
The EdgeRules feature is available only on Enterprise plans.
This rule usually applies to CORS headers where only the domain should be used instead of "*". In this example, we want to add the header "Access-Control-Allow-Origin" with the value of the referrer, but with the domain only:
Nginx Configuration Block
location / {
    # Add the header only when the referrer matches the pattern.
    if ($http_referer ~* ^(https?\:\/\/)(.*?)\/(.*)$) {
        # $1 = scheme, $2 = domain
        add_header Access-Control-Allow-Origin $1$2;
    }
    ...
}
What we are doing here is matching the referrer held in the $http_referer Nginx variable and splitting it into capture groups:
- ^(https?\:\/\/): This matches the beginning of the referrer string and its scheme (protocol: HTTP or HTTPS). This is mapped as $1.
- (.*?): This matches the part of the referrer string after the scheme and before the first slash, i.e. the domain. This is mapped as $2.
- \/(.*)$: This matches anything after the second group (including the first slash "/" after the domain part of the referrer). This is mapped as $3.
CURL example without a referrer
~$ curl -I http://foo.bar.netdna-cdn.com/
HTTP/1.1 200 OK
Date: Wed, 08 Jul 2015 10:51:04 GMT
Content-Type: text/html
Content-Length: 72551
Connection: keep-alive
Last-Modified: Thu, 02 Jul 2015 19:00:44 GMT
Expires: Wed, 15 Jul 2015 10:23:16 GMT
Cache-Control: max-age=604800
X-Cache: HIT
Server: NetDNA-cache/2.2
Accept-Ranges: bytes
CURL example with the referrer
~$ curl -I http://foo.bar.netdna-cdn.com --referer "http://www.domain.com/test/one/test/two"
HTTP/1.1 200 OK
Date: Wed, 08 Jul 2015 10:54:44 GMT
Content-Type: text/html
Content-Length: 72551
Connection: keep-alive
Last-Modified: Thu, 02 Jul 2015 19:00:44 GMT
Expires: Wed, 15 Jul 2015 10:23:16 GMT
Cache-Control: max-age=604800
X-Cache: HIT
Server: NetDNA-cache/2.2
Access-Control-Allow-Origin: www.domain.com
Accept-Ranges: bytes
Additionally, we can define a default CORS value in case there is no referrer:
Nginx Configuration Block
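location / {
    # Default value, used when there is no referrer or it does not match.
    set $ref "*";
    if ($http_referer ~* ^(https?\:\/\/)(.*?)\/(.*)$) {
        # Override the default with the scheme and domain of the referrer.
        set $ref $1$2;
    }
    add_header Access-Control-Allow-Origin $ref;
    ...
}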
CURL with referrer
~$ curl -I http://foo.bar.netdna-cdn.com/ --referer "http://www.domain.com/test/one/test/two"
HTTP/1.1 200 OK
Date: Wed, 08 Jul 2015 11:12:09 GMT
Content-Type: text/html
Content-Length: 72551
Connection: keep-alive
Last-Modified: Thu, 02 Jul 2015 19:00:44 GMT
Expires: Wed, 15 Jul 2015 10:23:16 GMT
Cache-Control: max-age=604800
X-Cache: HIT
Server: NetDNA-cache/2.2
Access-Control-Allow-Origin: www.domain.com
Accept-Ranges: bytes
CURL without referrer
~$ curl -I foo.bar.netdna-cdn.com/
HTTP/1.1 200 OK
Date: Wed, 08 Jul 2015 11:12:11 GMT
Content-Type: text/html
Content-Length: 72551
Connection: keep-alive
Last-Modified: Thu, 02 Jul 2015 19:00:44 GMT
Expires: Wed, 15 Jul 2015 10:23:16 GMT
Cache-Control: max-age=604800
X-Cache: HIT
Server: NetDNA-cache/2.2
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
We've chosen to use "*" as the default value, so a variable is needed to make that value replaceable. First, we define a custom variable $ref with a value of "*"; then, if the referrer exists and satisfies the regex within the rule, we change the value of $ref to the referrer domain. Finally, we apply $ref to the CORS header as its value.
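To check what the rule emits for a given referrer before deploying it, the added example below (not part of the original tutorial) reproduces the same regex and the $ref default in Python. The function name cors_headers and the sample referrers are constructed for illustration.

```python
import re

# Same pattern as the EdgeRule above; nginx's ~* operator is case-insensitive.
REFERER_RE = re.compile(r"^(https?\:\/\/)(.*?)\/(.*)$", re.IGNORECASE)
HEADER = "Access-Control-Allow-Origin"


def cors_headers(referer, default=None):
    """Return the headers the rule would add for a Referer value.

    referer: Referer request header, or None when the client sent none.
    default: None models the first block (header added only on a match);
             "*" models the second block (set $ref "*";).
    """
    ref = default
    match = REFERER_RE.match(referer or "")
    if match:
        # $1 is the scheme, $2 the host (and port, if present); $3 is unused.
        ref = match.group(1) + match.group(2)
    return {} if ref is None else {HEADER: ref}


# Constructed sample referrers (not taken from real traffic).
SAMPLES = [
    None,                                       # no Referer header
    "http://www.domain.com/test/one/test/two",  # the tutorial's example
    "https://www.domain.com:8443/index.html",   # port stays in $2
    "HTTPS://WWW.Domain.com/a",                 # matched, case preserved
    "http://www.domain.com",                    # no slash after host: no match
    "ftp://www.domain.com/file",                # not http/https: no match
]

if __name__ == "__main__":
    for sample in SAMPLES:
        first = cors_headers(sample).get(HEADER, "(header not added)")
        second = cors_headers(sample, "*")[HEADER]
        print(f"{sample!r}\n  without default: {first}\n  with default:    {second}")
```

A referrer that lacks a slash after the host, or that uses a scheme other than HTTP or HTTPS, does not match the pattern, so the second block answers it with "*".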
If you have any questions or experience any issues, please reach out to the Support Team; live chat and ticket support are available 24/7.