Forum Discussion
Asm geo location irule
Folks,
I need some help with an ASM geolocation iRule.
I want to allow IP addresses which contain country SG in the forwarder header. I have restricted my ASM geolocation policy to allow only the SG country to access this application, but due to the Google Play integration I am seeing a US IP address as the source, while the original IP is showing in the x forwarder.
when ASM_REQUEST_DONE {
    log local0. "Detected Country IP"
    if { ([whereris IP::client_addr] == "SG") && ( [ASM::violation details] contains "VIOLATION_ILLEGAL_GEOLOCATION") }{
        ASM::unblock
        log local0. "[ASM::violation_data]. unblocked for [IP::client_addr]"
    }
}
2 Replies
You may try [whereis [IP::client_addr] country] https://devcentral.f5.com/wiki/iRules.whereis.ashx
when ASM_REQUEST_DONE {
    set xff_is_sg ""
    if { [whereis [IP::client_addr] country] ne "SG" } {
        if { [HTTP::header exists "X-Forwarded-For"] } {
            # Strip spaces, then walk each comma-separated XFF element
            foreach xff [split [string map [list " " ""] [HTTP::header "X-Forwarded-For"]] ","] {
                log local0. "Current XFF element: $xff"
                # Check if the current XFF IP is in SG:
                if { [whereis $xff country] eq "SG" } {
                    log local0. "$xff is from SG."
                    set xff_is_sg 1
                    break
                }
            }
            if { $xff_is_sg ne "" } {
                ASM::unblock
                return
            }
        }
    }
}
However, XFF can be spoofed. If you know which non-SG IP address range your users are forwarded from, then you can tighten up the rule by trusting that range only when processing XFF.
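The tightening suggested in the reply above, as an added example that is not part of the original thread or F5's own code: XFF is consulted only when the connection comes from a known forwarder, and the request is unblocked only when the geolocation violation is the sole violation. Assumptions: `trusted_xff_sources` is a hypothetical address-type data group holding the forwarder's ranges, and the forwarder appends the address it saw, so only the rightmost XFF entry is evaluated.

```tcl
when ASM_REQUEST_DONE {
    # Act only when geolocation is the single violation raised, so a request
    # that also tripped another check stays blocked.
    set names [ASM::violation names]
    if { [llength $names] != 1 || [lindex $names 0] ne "VIOLATION_ILLEGAL_GEOLOCATION" } {
        return
    }

    # Honour XFF only for connections arriving from a known forwarder.
    # trusted_xff_sources is a hypothetical address-type data group.
    if { ![class match [IP::client_addr] equals trusted_xff_sources] } {
        return
    }
    if { ![HTTP::header exists "X-Forwarded-For"] } {
        return
    }

    # Flatten repeated headers and comma-separated values into one hop list.
    set hops [list]
    foreach value [HTTP::header values "X-Forwarded-For"] {
        foreach hop [split $value ","] {
            set hop [string trim $hop]
            if { $hop ne "" } { lappend hops $hop }
        }
    }
    if { [llength $hops] == 0 } {
        return
    }

    # Assumption: the trusted forwarder appends the peer address it saw, so the
    # rightmost entry is the only one it vouches for. Entries to the left are
    # client-supplied and are ignored.
    set origin [lindex $hops end]

    # A malformed value must not abort the event; treat it as "not SG".
    if { [catch { whereis $origin country } country] } {
        log local0. "Unusable XFF value via forwarder [IP::client_addr]; request stays blocked"
        return
    }
    if { $country eq "SG" } {
        # Log the forwarder address, not the raw header, to keep client-controlled text out of the log.
        log local0. "Geolocation block lifted: SG origin via trusted forwarder [IP::client_addr]"
        ASM::unblock
    }
}
```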