Forum Discussion

ant77's avatar
ant77
Icon for Cirrostratus rankCirrostratus
Jul 01, 2020

Alternative to getfield to check XFF client IP using data group

Hi All, We ran into a bug when upgrading to 13.1.3.3 that process an iRule to check the client IP address in an XFF header against what is defined in a data group "DG-ALLOWED-IP". Is there an...
application delivery
BIG-IP
iRules
Jim_Deucker's avatar
Jim_Deucker
Icon for Employee rankEmployee
Jul 02, 2020

Here's an old proc for sorting this down

proc get_xff_ip {{xff_hdr {X-Forwarded-For}}} {
    foreach ip "[string map {- { } \{ { } \} { } , { } \[ { } \] { } \" { } \( { } \) { } ; { } \$ { } # { } \\ { }} [HTTP::header values $xff_hdr]] [IP::client_addr]" {
        if {![catch {IP::addr $ip mask ::}]} {
            if {![IP::addr $ip equals 127.0.0.0/8] && ![IP::addr $ip equals 0.0.0.0/32] && ![IP::addr $ip equals ::/127]} {
                return $ip
            }
        }
    }
}

This returns the first non-localhost, non bogon 0.0.0.0 valid IP address in either the specified header or the client's IP.