Forum Discussion
danielng_19608
Nimbostratus
Apr 28, 2009
Customizing X-Forwarded-For certain websites
Hi all,
Currently my setup is to enable X-Forwarded for all traffic that is hitting the Internet.
What I would like to do is to NOT enable X-Forwarded when accessing certain websites.
My idea of the iRule will be something like this:
==================================================================================
when CLIENT_ACCEPTED {
    if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
        forward
    } else {
        HTTP::header insert X-Forwarded-For [IP::remote_addr]
        forward
    }
}
Can anyone tell me if this solution will work?
Thanks!!
6 Replies
- hoolio
Cirrostratus
If you want to inspect/modify the HTTP content, you need to add an HTTP profile to the virtual server. You would also need to move the logic to the HTTP_REQUEST event where the HTTP headers have been parsed by TMM. And assuming you have a pool on the VS, you could remove the forward statements and just use a single if:

when CLIENT_ACCEPTED {
    # Check if client IP isn't part of trusted addresses datagroup
    if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
        set insertXff 0
    } else {
        set insertXff 1
    }
}
when HTTP_REQUEST {
    # Check if we're inserting an XFF for this connection
    if { $insertXff } {
        # Remove existing XFF headers
        HTTP::header remove X-Forwarded-For
        # Insert new XFF header
        HTTP::header insert X-Forwarded-For [IP::remote_addr]
    }
}

Aaron
- danielng_19608
Nimbostratus
Hi Aaron,
Many thanks for the prompt response. Really appreciate your time in helping me out as I am still learning how to write iRules. I will try it out and let you know again. Thanks again!
Regards,
Daniel
- danielng_19608
Nimbostratus
Hi Aaron,
I managed to get the rule to work after some tweaking. Thanks again for your help!!
- hoolio
Cirrostratus
What did you end up with?
Aaron
- danielng_19608
Nimbostratus
Hi Aaron,
This is what I came up with. Basically, I am trying to match another condition, that is, any string which contains what I have specified in the datagroup selectedSites will be checked. I tried to specify selectedSites as a String datagroup but it doesn't seem to be working. Any advice on this?
=================================================================================
when CLIENT_ACCEPTED {
    if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
        set insertxff 0
    } else {
        set insertxff 1
    }
}
when HTTP_REQUEST {
    if { $insertxff equals 0 and ([string tolower [HTTP::host]] contains $::selectedSites) } {
        # Remove existing XFF headers if both conditions match
        HTTP::header remove X-Forwarded-For
    } else {
        # Insert new XFF header
        HTTP::header insert X-Forwarded-For [IP::remote_addr]
    }
}
- hoolio
Cirrostratus
Can you replace this line:
if { $insertxff equals 0 and ([string tolower [HTTP::host]] contains $::selectedSites)}
with this:
if { $insertxff equals 0 and [matchclass $::selectedSites contains [string tolower [HTTP::host]]]}
Aaron
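
An offline model of the decision the rules in this thread make, added here as an example and not code from any poster or from F5. It checks the trusted-address and selected-site logic against sample requests, and shows what happens to a client-supplied X-Forwarded-For when the header is not removed before the insert. The data-group contents, the function names, the use of a CIDR network for trustedAddresses, and the reading of the original `contains $::selectedSites` line as a match against the whole list as one string are assumptions.

```python
import ipaddress

# Constructed sample data standing in for the thread's two data groups.
TRUSTED_ADDRESSES = [ipaddress.ip_network("10.1.0.0/16")]
SELECTED_SITES = ["partner.example", "intranet.example"]

def is_trusted(client_ip):
    """Model of the CLIENT_ACCEPTED check against trustedAddresses."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in TRUSTED_ADDRESSES)

def host_selected(host):
    """Per-entry match: the lowercased Host contains any selectedSites entry."""
    host = host.lower()
    return any(site in host for site in SELECTED_SITES)

def host_contains_whole_list(host):
    """Assumed model of the original line: Host compared against the
    whole list rendered as one string, which a single hostname never contains."""
    return " ".join(SELECTED_SITES) in host.lower()

def xff_values(headers):
    """All X-Forwarded-For values, in order, from (name, value) pairs."""
    return [v for n, v in headers if n.lower() == "x-forwarded-for"]

def process_request(client_ip, headers, strip_first=True):
    """Return the headers sent upstream for one request.

    Trusted client + selected site: every XFF header is removed.
    Otherwise the client address is inserted; strip_first controls whether
    XFF headers already present in the request are removed before that.
    """
    host = next(v for n, v in headers if n.lower() == "host")
    without_xff = [(n, v) for n, v in headers if n.lower() != "x-forwarded-for"]
    if is_trusted(client_ip) and host_selected(host):
        return without_xff
    base = without_xff if strip_first else list(headers)
    return base + [("X-Forwarded-For", client_ip)]

if __name__ == "__main__":
    # Constructed request carrying an XFF header set by the client itself.
    req = [("Host", "www.other.example"), ("X-Forwarded-For", "198.51.100.9")]
    print(xff_values(process_request("10.1.2.3", req)))
    print(xff_values(process_request("10.1.2.3", req, strip_first=False)))
```

With strip_first=False the upstream server receives two X-Forwarded-For values, the first of which the client chose.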
