Forum Discussion
jerm1020_254086
Nimbostratus
Nimbostratuscreate a new Header value manipulation iRule
create a new Header value manipulation iRule. This iRule needs to interrogate Header values and substitute the x-forwarded-for value with True-Client-IP value if available. our CDN is providing the actual client IP address via this new Header value yet our current code base leverages the x-forwarded-for Header value for client address interrogation. This iRule allows for zero code impact while allowing us to leverage the new CDN IP Header value.
can anyone tell me if this is correct? or moreso how to form this into an iRule. irules are my absolute weakest part of the f5
IF Header Name True-Client-IP Exists THEN Set X-Forwarded-For Value equal to True-Client-IP value END IF
ekaleido_26616Cirrocumulus
when HTTP_REQUEST { if { HTTP::header exists X-Forwarded-For } { HTTP::header replace X-Forwarded-For [[IP::client_addr]] } }
jerm1020_254086apologies for my ignorance on the subject, but this accomplishes what I was seeking? it looks correct from my limited knowledge of irules. true client is client IP within the irule?
- ekaleido_26616
[IP::client_addr] is whatever IP the user is assigned.
- jerm1020_254086
I am receiving this error when trying to input the iRule
01070151:3: Rule [/Common/CDN_Header_value_manipulation] error: /Common/CDN_Header_value_manipulation:2: error: [parse error: PARSE syntax 41 {syntax error in expression " HTTP::header exists X-Forwarded-For ": variable references require preceding $}][{ HTTP::header exists X-Forwarded-For }]
ekaleidoCirrus
when HTTP_REQUEST { if { HTTP::header exists X-Forwarded-For } { HTTP::header replace X-Forwarded-For [[IP::client_addr]] } }- jerm1020_254086
apologies for my ignorance on the subject, but this accomplishes what I was seeking? it looks correct from my limited knowledge of irules. true client is client IP within the irule?
- ekaleido
[IP::client_addr] is whatever IP the user is assigned.
- jerm1020_254086
I am receiving this error when trying to input the iRule
01070151:3: Rule [/Common/CDN_Header_value_manipulation] error: /Common/CDN_Header_value_manipulation:2: error: [parse error: PARSE syntax 41 {syntax error in expression " HTTP::header exists X-Forwarded-For ": variable references require preceding $}][{ HTTP::header exists X-Forwarded-For }]
- Kai_Wilke
MVP
Hi Jerm,
you may use the iRule below to copy the
header information (if present) into an additional"True-Client-IP"
header. If the"X-Forwarded-For"
header is not present, the iRule would simply store the client IP address of the underlying TCP session as"True-Client-IP"
header value..."X-Forwarded-For"when HTTP_REQUEST { Removing existing "X-Forwarded-For" headers to avoid duplications. HTTP::header remove "X-Forwarded-For" Check if "True-Client-IP" is present if { [set true_client_ip [HTTP::header value "True-Client-IP"]] ne "" } then { "True-Client-IP" header is present. Copying "True-Client-IP" value to "X-Forwarded-For" HTTP::header insert "X-Forwarded-For" $true_client_ip } else { "True-Client-IP" header is not present. Setting the real client IP as "X-Forwarded-For" HTTP::header insert "X-Forwarded-For" [getfield [IP::client_addr] "%" 1] } }Cheers, Kai
