Forum Discussion
MW1
Cirrus
CirrusExtract 2nd to last IP from X-FORWARDED-FOR header
All, We are implementing a WAF infront of our F5 LTMs which will act as a proxy, and insert the client IP in to the X-FORWARDED-FOR header. We currently have a number of irules that use the client ...
Just as a final in case anyone stubles over my query I did find an issue when trying to match the variable to a datagroup that there is a leading space preventing matching (attempts to set the split to work on ", " didnt seem to work), so I had to add a line to remove this with a string map. Example irule logging the whole X-FWD-FOR header, client IP as seen my the F5 and the "real client IP" as seen by the WAF
when HTTP_REQUEST {
set RealClientIP [lindex [split [HTTP::header X-Forwarded-For] ","] end-1]
set RealClientIP [string map {" " ""} $RealClientIP]
log local0. " X-Forwarded-For: [HTTP::header X-Forwarded-For] Client IP [IP::client_addr] Real Client IP: $RealClientIP "
}
MW1Cirrus
CirrusMay have answered my own question:
set RealClientIP [lindex [split [HTTP::header X-Forwarded-For] ","] end-1]