MW1
Dec 12, 2019
Solved

Extract 2nd to last IP from X-FORWARDED-FOR header

All, We are implementing a WAF in front of our F5 LTMs which will act as a proxy, and insert the client IP into the X-FORWARDED-FOR header. We currently have a number of iRules that use the client ...
  • MW1
    Dec 12, 2019

    Just as a final note in case anyone stumbles over my query: I did find an issue when trying to match the variable to a datagroup, in that there is a leading space preventing matching (attempts to set the split to work on ", " didn't seem to work), so I had to add a line to remove this with a string map. Example iRule logging the whole X-FWD-FOR header, the client IP as seen by the F5 and the "real client IP" as seen by the WAF:

     

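    when HTTP_REQUEST {
        # Take the second-to-last entry of the comma-separated X-Forwarded-For value
        set RealClientIP [lindex [split [HTTP::header X-Forwarded-For] ","] end-1]
        # Remove the space left after the comma so the value matches a datagroup entry
        set RealClientIP [string map {" " ""} $RealClientIP]
        # Log the full header, the peer address seen by the F5 and the extracted address
        log local0. " X-Forwarded-For: [HTTP::header X-Forwarded-For] Client IP [IP::client_addr] Real Client IP: $RealClientIP "
    }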
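
A more defensive variant of the iRule above, added here as an example and not part of the original post: it reads every X-Forwarded-For header line, trims each entry with `string trim`, and keeps `IP::client_addr` when there are fewer than two entries or the chosen entry is not an IP address. The fallback behaviour and the IPv4-oriented validity check are assumptions.

```tcl
when HTTP_REQUEST {
    # Build one ordered list from every X-Forwarded-For header line,
    # since a request can carry the header more than once.
    set xff_entries [list]
    foreach hdr [HTTP::header values X-Forwarded-For] {
        foreach entry [split $hdr ","] {
            # string trim drops the space that follows each comma
            set entry [string trim $entry]
            if { $entry ne "" } {
                lappend xff_entries $entry
            }
        }
    }

    # Assumption: when no usable entry exists, use the address the F5 sees.
    set RealClientIP [IP::client_addr]

    if { [llength $xff_entries] >= 2 } {
        set candidate [lindex $xff_entries end-1]
        # IP::addr raises an error for text that is not an IP address,
        # so catch acts as the validity check (written for IPv4 entries).
        if { [catch { IP::addr $candidate mask 255.255.255.255 }] } {
            # The raw header value is client-controlled, so it is not logged.
            log local0. "Malformed X-Forwarded-For entry received from [IP::client_addr]"
        } else {
            set RealClientIP $candidate
        }
    }

    log local0. "Client IP [IP::client_addr] Real Client IP: $RealClientIP"
}
```

Any entry to the left of the one the WAF itself wrote is supplied by the client, so decisions made on `$RealClientIP` are only as trustworthy as the position the WAF is known to write to.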