Important note

The EdgeRules feature is available only on Enterprise plans.

This tutorial shows how to manipulate headers based on the HTTP referrer and/or extract only the domain part of the HTTP referrer used to access CDN assets. This rule usually applies to CORS headers, where only the domain should be used instead of “*”.

In this example, we want to add the “Access-Control-Allow-Origin” header with the referrer as its value, but with the domain only:

Nginx Configuration Block

location / {
    # Reflect the scheme ($1) and host ($2) of the referrer into the CORS header.
    if ($http_referer ~* ^(https?\:\/\/)(.*?)\/(.*)$) {
        add_header Access-Control-Allow-Origin $1$2;
    }
    ...
}

What we are doing here is matching the referrer by looking into the $http_referer Nginx variable and creating match blocks:

  1. ^(https?\:\/\/)
     This matches the beginning of the referrer string and its scheme (protocol: http or https). This is mapped as $1.

  2. (.*?)
     … which matches the second group (mapped as $2) in the referrer string after the scheme and before:

  3. \/(.*)$
     … which matches anything after the second group (including the first slash “/” after the domain part of the referrer). This is mapped as $3.

CURL example without referrer

~$ curl -I http://foo.bar.netdna-cdn.com/
HTTP/1.1 200 OK
Date: Wed, 08 Jul 2015 10:51:04 GMT
Content-Type: text/html
Content-Length: 72551
Connection: keep-alive
Last-Modified: Thu, 02 Jul 2015 19:00:44 GMT
Expires: Wed, 15 Jul 2015 10:23:16 GMT
Cache-Control: max-age=604800
X-Cache: HIT
Server: NetDNA-cache/2.2
Accept-Ranges: bytes

CURL example with referrer

~$ curl -I http://foo.bar.netdna-cdn.com --referer "http://www.domain.com/test/one/test/two"
HTTP/1.1 200 OK
Date: Wed, 08 Jul 2015 10:54:44 GMT
Content-Type: text/html
Content-Length: 72551
Connection: keep-alive
Last-Modified: Thu, 02 Jul 2015 19:00:44 GMT
Expires: Wed, 15 Jul 2015 10:23:16 GMT
Cache-Control: max-age=604800
X-Cache: HIT
Server: NetDNA-cache/2.2
Access-Control-Allow-Origin: www.domain.com
Accept-Ranges: bytes

Additionally, we can define a default CORS value in case there is no referrer:

Nginx Configuration Block

location / {
    # Default value, used when there is no referrer or it does not match.
    set $ref "*";
    if ($http_referer ~* ^(https?\:\/\/)(.*?)\/(.*)$) {
        set $ref $1$2;
    }
    add_header Access-Control-Allow-Origin $ref;
    ...
}

CURL with referrer

~$ curl -I http://foo.bar.netdna-cdn.com/ --referer "http://www.domain.com/test/one/test/two"
HTTP/1.1 200 OK
Date: Wed, 08 Jul 2015 11:12:09 GMT
Content-Type: text/html
Content-Length: 72551
Connection: keep-alive
Last-Modified: Thu, 02 Jul 2015 19:00:44 GMT
Expires: Wed, 15 Jul 2015 10:23:16 GMT
Cache-Control: max-age=604800
X-Cache: HIT
Server: NetDNA-cache/2.2
Access-Control-Allow-Origin: www.domain.com
Accept-Ranges: bytes

CURL without referrer

~$ curl -I foo.bar.netdna-cdn.com/
HTTP/1.1 200 OK
Date: Wed, 08 Jul 2015 11:12:11 GMT
Content-Type: text/html
Content-Length: 72551
Connection: keep-alive
Last-Modified: Thu, 02 Jul 2015 19:00:44 GMT
Expires: Wed, 15 Jul 2015 10:23:16 GMT
Cache-Control: max-age=604800
X-Cache: HIT
Server: NetDNA-cache/2.2
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

We’ve chosen to use “*” as the default value, so a variable was needed to make that value replaceable.

First, we define a custom variable $ref with the value “*”; then, if the referrer exists and satisfies the regex in the rule, we change the value of $ref to the referrer domain. Finally, we apply $ref as the value of the CORS header.
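A stricter variant, as an added example that is not part of the original tutorial: the rules above copy the host of any referrer into the header, so they permit the same set of sites as “*”. This version reflects only listed hosts and sends no CORS header otherwise. The hosts www.domain.com and static.domain.com are placeholders, not values from this page.

```nginx
# Added example: allowlisted form of the referrer rule.
# www.domain.com and static.domain.com are placeholder hosts (assumption).
location / {
    # Empty default: nginx does not emit an add_header whose value is empty,
    # so a missing or unlisted referrer gets no CORS header at all.
    set $ref "";

    # $1 = scheme, $2 = host with optional port.
    # The host is spelled out and its dots are escaped, so a look-alike
    # such as "wwwXdomain.com" or "www.domain.com.example.net" does not match.
    # The "/" after the host keeps the match anchored to the end of the authority.
    if ($http_referer ~* "^(https?://)((www|static)\.domain\.com(:[0-9]+)?)/") {
        set $ref $1$2;
    }

    add_header Access-Control-Allow-Origin $ref;
}
```

With this rule a request whose referrer is `http://www.domain.com/test/one/test/two` receives `Access-Control-Allow-Origin: http://www.domain.com`, and a request from any other site receives no such header.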
