Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Referrer filter policy is accepting a request that should be filtered #875

Closed
pestanko opened this issue Sep 5, 2018 · 1 comment
Closed

Referrer filter policy is accepting a request that should be filtered #875

pestanko opened this issue Sep 5, 2018 · 1 comment
Assignees
@davidor
Milestone
3.3

Comments

@pestanko
Copy link

pestanko commented Sep 5, 2018

Referrer filter is accepting a request with a different Referer filter that is not allowed.

Version
  • Apicast 3.3-ER1
Steps To Reproduce
  1. Configure and enable referrer filter policy
  2. Set referrer filters for the application
  3. Make a request with Referer header that is allowed
  4. Make a request with Referer header that is not allowed - it should fail
  5. Make a request with Referer header that is not allowed and it will fail (that is OK)
Current Result
  • I send the first request with valid referrer header
  • Second with invalid (not in filters), but it will pass
  • Each next invalid header will fail on 403
Expected Result

So expected behavior in your case:

  • 1st with valid referrer => Accept
  • 2nd with invalid referrer => Deny
  • 3rd with invalid referrer => Deny
@davidor davidor self-assigned this Sep 5, 2018
@davidor davidor added this to the 3.3 milestone Sep 5, 2018
@davidor davidor mentioned this issue Sep 5, 2018
Merged
@davidor
Copy link
Contributor

davidor commented Sep 5, 2018

Fixed in #877

@davidor davidor closed this as completed Sep 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@davidor davidor

Labels
None yet
Projects
None yet
Milestone
3.3
Development

No branches or pull requests
2 participants
@davidor @pestanko