Forum Discussion

Snl's avatar
Snl
Icon for Cirrostratus rankCirrostratus
Feb 25, 2018

Asm geo location irule

folks ,

need some help with asm geo location irule

I want to allow Ip address which contain country SG in forwarder Header , since i have only restricted my ASM geo location policy to allow only SG country to access this application but due to google play integration i am seeing US ip address as source but the original Ip showing in x forwarder.

when ASM_REQUEST_DONE {
log local0. "Detected Country IP"
      if { ([whereris IP::client_addr] == "SG") && ( [ASM::violation details] contains "VIOLATION_ILLEGAL_GEOLOCATION") }{
    ASM::unblock
    log local0. "[ASM::violation_data]. unblocked for [IP::client_addr]"
  }

}

2 Replies

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    when ASM_REQUEST_DONE {
        set xff_is_sg ""
        if { [whereis [IP::client_addr] country] ne "SG" } {
            if { [HTTP::header exists "X-Forwarded-For"] } {
                foreach xff [split [string map [list " " ""] [HTTP::header "X-Forwarded-For"]] ","] {
                    log local0. "Current XFF element: $xff"
                     Check if the current XFF IP is in SG:
                    if { [whereis $xff country] eq "SG" } {
                        log local0. "$xff is from SG."
                        set xff_is_sg 1
                        break
                    }
                }
                if { $xff_is_sg ne "" } {
                    ASM::unblock
                    return
                }
            }
        }
    }   
    

    However, XFF can be spoofed. If you know which non-SG ip address range your users are forwarded from, then you can tighten up the rule by trusting that range only when processing XFF.