Forum Discussion
Peru_130741
Nimbostratus
Jul 31, 2013
Blocking X-forwarded for IP Address
Can anyone let me know what is the best way to block x-forwarded for IP address in F5? I have around 1000 VS configured & also ASM enabled on all the VS. Original Source IP has been already blocked i...
nitass
Employee
Jul 31, 2013
e.g.
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.20.111:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        myrule
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 2
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm data-group internal blacklist_ip
ltm data-group internal blacklist_ip {
    records {
        172.28.20.0/24 { }
    }
    type ip
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
    when HTTP_REQUEST {
        foreach axff [HTTP::header values X-Forwarded-For] {
            log local0. "axff is $axff"
            foreach anip [split [string map {" " ""} $axff] ","] {
                log local0. "anip is $anip"
                if { [class match -- $anip equals blacklist_ip] } {
                    log local0. "$anip is rejected"
                    reject
                    return
                }
            }
        }
    }
}
client
[root@centos17 ~] curl -i http://172.28.20.111 -H "X-Forwarded-For: 1.1.1.1" -H "X-Forwarded-For: 172.28.20.17, 2.2.2.2.2"
curl: (52) Empty reply from server
[root@centos17 ~]
/var/log/ltm
[root@ve11a:Active:Changes Pending] config tail -f /var/log/ltm
Jul 31 17:09:32 ve11a info tmm1[11073]: Rule /Common/myrule : axff is 1.1.1.1
Jul 31 17:09:32 ve11a info tmm1[11073]: Rule /Common/myrule : anip is 1.1.1.1
Jul 31 17:09:32 ve11a info tmm1[11073]: Rule /Common/myrule : axff is 172.28.20.17, 2.2.2.2.2
Jul 31 17:09:32 ve11a info tmm1[11073]: Rule /Common/myrule : anip is 172.28.20.17
Jul 31 17:09:32 ve11a info tmm1[11073]: Rule /Common/myrule : 172.28.20.17 is rejected
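An offline model of the matching logic in the rule above, added here as an example and not part of the original reply or of any F5 code. It walks every X-Forwarded-For header and every comma-separated entry, and goes beyond the posted rule by recording malformed entries (such as the `2.2.2.2.2` in the curl test) and tolerating `addr:port` and bracketed IPv6 forms. The function names and the extra test inputs are assumptions constructed for illustration.

```python
import ipaddress

# Constructed blocklist mirroring the blacklist_ip data group in the post.
BLACKLIST = [ipaddress.ip_network("172.28.20.0/24")]

def xff_entries(header_values):
    """Yield each address token from every X-Forwarded-For header value."""
    for value in header_values:
        for token in value.split(","):
            token = token.strip()
            if token:
                yield token

def parse_ip(token):
    """Return an ip_address, or None if the token is not a valid address."""
    # Tolerate bracketed IPv6 and IPv4 "addr:port" forms some proxies emit.
    if token.startswith("["):
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None

def check_request(header_values, blacklist=BLACKLIST):
    """Return (verdict, matched, malformed) for one request's XFF headers."""
    malformed = []
    for token in xff_entries(header_values):
        ip = parse_ip(token)
        if ip is None:
            # Keep malformed tokens for logging instead of failing the check.
            malformed.append(token)
            continue
        if any(ip in net for net in blacklist):
            return ("reject", str(ip), malformed)
    return ("allow", None, malformed)

if __name__ == "__main__":
    # Same headers as the curl test in the post, then constructed variants.
    print(check_request(["1.1.1.1", "172.28.20.17, 2.2.2.2.2"]))
    print(check_request(["2.2.2.2.2, 172.28.20.17"]))
    print(check_request(["1.1.1.1", " 10.0.0.5 ,2.2.2.2.2"]))
```
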