Forum Discussion

plavender_72604's avatar
plavender_72604
Icon for Nimbostratus rankNimbostratus
Dec 02, 2008

Denying x-forwarded-for and true-client-ip optimisation

Hello,     I have found the following iRule that has been posted:     when HTTP_REQUEST {   if { [HTTP::header exists "X-Forwarded-For"] } {   set xff [HTTP::...
application delivery
dev
devops
iRules
Colin_Walker_12's avatar
Colin_Walker_12
Historic F5 Account
Dec 03, 2008
Combining the two iRules is as easy as just copying the section that isn't duplicate code from one, and pasting it into the other.

 

 

What you'd end up with is something like this:

 

 

 
 when HTTP_REQUEST { 
   if { [HTTP::header exists "X-Forwarded-For"] } { 
     set xff [HTTP::header "X-Forwarded-For"] 
      xff may be in format of addr1,addr2,addr3 
     set addrs [split $xff ","] 
     foreach addr $addrs { 
       if { [matchclass $::banned_addr_list equals $addr] } { 
         reject 
       } 
     } 
   } 
  
   if { [HTTP::header exists "True-Client-IP"] } { 
     set xff [HTTP::header "True-Client-IP"] 
      xff may be in format of addr1,addr2,addr3 
     set addrs [split $xff ","] 
     foreach addr $addrs { 
       if { [matchclass $::banned_addr_list equals $addr] } { 
         reject 
       } 
     } 
   } 
 }

 

 

HTH,

 

Colin