Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Icemanii_116694's avatar
Icemanii_116694
Icon for Nimbostratus rankNimbostratus
Jan 01, 2014

Block Opera Mini users using true client IP

I'm trying to restrict users from certain countries using Opera Mini browser from accessing my server. I'm using the following irule to replace the IP::client_addr field with the XFF IP:   when H...
application delivery
devops
irules
microsoft
Thomas_Gobet_91's avatar
Thomas_Gobet_91
Icon for Cirrostratus rankCirrostratus
Jan 08, 2014

Hi,

I would do a "foreach" to check WFF value, because your request can travel through multiples proxies.

when CLIENT_ACCEPTED {
 Save the name of the VS default pool
set default_pool [LB::server pool]
}

when HTTP_REQUEST {
if { [string tolower [HTTP::header "User-Agent"]] contains "opera mini"} {
    if {[HTTP::header exists "X-Forwarded-For"]} {
        foreach real_ip [split [string map [list " " ""] [HTTP::header "X-Forwarded-For"]] ","] {
            if {([class match [$real_ip] equals WhitelistIP]) } {
                pool $default_pool}
            elseif {([class match [$real_ip] equals BlacklistIP]) } {
                HTTP::redirect "http://0.0.0.0"}
            elseif { [class match [whereis $real_ip country] equals BlockedCountry]} {
                    HTTP::redirect "http://myforbiddenpage.com"}
                }
            else {
                    pool $default_pool}
            }
       }
}
  • Icemanii_116694's avatar
    Icemanii_116694
    Icon for Nimbostratus rankNimbostratus
    Jan 08, 2014
    I've tried using the foreach, but I'm hitting Connection closed by remote server when using the opera mini browser trying to access my server.