Forum Discussion
Icemanii_116694
Nimbostratus
NimbostratusBlock Opera Mini users using true client IP
I'm trying to restrict users from certain countries using Opera Mini browser from accessing my server. I'm using the following irule to replace the IP::client_addr field with the XFF IP:
when H...
Ah, I see. I didn't know that about Opera Mini. I thought you were looking at the X-Forwarded-For header as inserted by BIG-IP.
Couldn't you do something like this, then:
when HTTP_REQUEST {
if { [string tolower [HTTP::header "User-Agent"]] contains "mini opera" } {
if {[HTTP::header exists "X-Forwarded-For"]} {
set real_ip [HTTP::header value "X-Forwarded-For"]
if { [class match [whereis $real_ip country] equals BlockedCountry]] } {
drop
}
}
}
}
Icemanii_116694Thanks. I'll try it out to see if it works.- Icemanii_116694I've amended my iRule to iclude checking for whitelist IP and blacklist IP as well as the blocked country. I am able to hit the blockedcountry but unable to match the whitelist or blacklist lines. when CLIENT_ACCEPTED { Save the name of the VS default pool set default_pool [LB::server pool] } when HTTP_REQUEST { if { [string tolower [HTTP::header "User-Agent"]] contains "opera mini"} { if {[HTTP::header exists "X-Forwarded-For"]} { set real_ip [HTTP::header value "X-Forwarded-For"] if {([class match [$real_ip] equals WhitelistIP]) } { pool $default_pool} elseif {([class match [$real_ip] equals BlacklistIP]) } { HTTP::redirect "http://0.0.0.0"} elseif { [class match [whereis $real_ip country] equals BlockedCountry]} { HTTP::redirect "http://myforbiddenpage.com"} } else { pool $default_pool} } } The syntax seems ok but I'm not sure if the real_ip is pulling the correct IP from the X-Forwarded-For value.
