Forum Discussion
Kevin_Davies
Jul 01, 2020MVP
This should do the trick, it has the added bonus of allowing for an empty header. Remove the break to process all the IP addresses on the X-Forwarded-For line instead of only the first. Note: If there are multiple of the same header or multiple addresses on the header the HTTP::header values command returns them all as a comma separated list.
when HTTP_REQUEST {
foreach CHECK_IP [split [HTTP::header values X-Forwarded-For] ","] {
if { !([class match [string trim $CHECK_IP] eq DG-ALLOWED-IP]) } {
if { [class match [HTTP::uri] eq DG-ALLOWED-URI-LIST] } {
reject
}
}
break
}
}