268 Citrix NetScaler Policy Configuration and Reference Guide
NetScaler solution for blocking a path and a User-Agent header
add responder action act1 respondwith '"HTTP/1.1 403 Forbidden\r\n\r\n"'
add responder policy pol1 'HTTP.REQ.HEADER("User-Agent").STARTSWITH("NameOfBadRobot") && (CLIENT.IP.SRC.EQ(123.45.67.8) || CLIENT.IP.SRC.EQ(123.45.67.9)) && HTTP.REQ.URL.STARTSWITH("/~quux/foo/arc")' act1
bind responder global pol1 100
Blocking Access to Inline Images
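If you find people frequently going to your server to copy inline graphics for their own use (and generating unnecessary traffic), you may want to reject image requests whose HTTP Referer header points to a page outside your site. Requests that carry no Referer header are still served, so the rule deters hotlinking from other pages but does not control access to the files.
In the following example, the graphics are located in http://www.quux-corp.de/~quux/.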
Apache mod_rewrite solution for blocking access to an inline image
# Allow an empty Referer and any Referer from our own site; forbid .gif otherwise.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www\.quux-corp\.de/~quux/.*$
RewriteRule .*\.gif$ - [F]
NetScaler solution for blocking access to an inline image
add patset pat1
bind patset pat1 .gif
bind patset pat1 .jpeg
add responder action act1 respondwith '"HTTP/1.1 403 Forbidden\r\n\r\n"'
add responder policy pol1 '!HTTP.REQ.HEADER("Referer").EQ("") && !HTTP.REQ.HEADER("Referer").STARTSWITH("http://www.quux-corp.de/~quux/") && HTTP.REQ.URL.ENDSWITH_ANY("pat1")' act1
bind responder global pol1 100
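Before binding a policy that answers with 403, it helps to see which referring sites it would cut off. The following is an added example, not part of the Citrix guide: it applies the same decision as pol1 to access log lines and counts would-be-blocked image requests per referring host. The Apache combined log format, the sample lines and the function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

SITE_PREFIX = "http://www.quux-corp.de/~quux/"   # allowed Referer prefix, from the page
IMAGE_SUFFIXES = (".gif", ".jpeg")               # members of patset pat1

# Assumed input: Apache combined log format (request, status, size, Referer, User-Agent).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def would_block(url, referer):
    """Same decision as pol1: non-empty Referer, not our site, image suffix."""
    if referer in ("", "-"):          # the combined log writes a missing header as "-"
        return False
    if referer.startswith(SITE_PREFIX):
        return False
    return url.endswith(IMAGE_SUFFIXES)

def hotlink_report(lines):
    """Count would-be-blocked image requests per referring host."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and would_block(m["url"], m["referer"]):
            hits[urlsplit(m["referer"]).hostname or m["referer"]] += 1
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /~quux/logo.gif HTTP/1.1" 200 512 "http://www.quux-corp.de/~quux/index.html" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:01 +0000] "GET /~quux/logo.gif HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Jan/2024:10:00:02 +0000] "GET /~quux/logo.gif HTTP/1.1" 200 512 "http://blog.example.net/post" "Mozilla/5.0"',
    '192.0.2.13 - - [01/Jan/2024:10:00:03 +0000] "GET /~quux/photo.jpeg HTTP/1.1" 200 900 "http://blog.example.net/other" "Mozilla/5.0"',
    '192.0.2.14 - - [01/Jan/2024:10:00:04 +0000] "GET /~quux/page.html HTTP/1.1" 200 300 "http://forum.example.org/t/1" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, count in hotlink_report(SAMPLE_LOG).most_common():
        print(f"{host}\t{count}")
```

Hosts that appear in the report but are legitimate (for example a partner site) need their own allowed prefix in the policy before it is bound.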
Creating Extensionless Links
To prevent users from knowing application or script details on the server side,
you can hide file extensions from users. To do this, you may want to support
extensionless links. You can achieve this behavior by using rewrite rules to add an
extension to all requests, or to selectively add extensions to requests.