Forum Discussion

MW1's avatar
MW1
Icon for Cirrus rankCirrus
Dec 12, 2019

Extract 2nd to last IP from X-FORWARDED-FOR header

All,  We are implementing a WAF infront of our F5 LTMs which will act as a proxy, and insert the client IP in to the X-FORWARDED-FOR header. We currently have a number of irules that use the client ...
  • MW1's avatar
    Dec 12, 2019

    Just as a final in case anyone stubles over my query I did find an issue when trying to match the variable to a datagroup that there is a leading space preventing matching (attempts to set the split to work on ", " didnt seem to work), so I had to add a line to remove this with a string map. Example irule logging the whole X-FWD-FOR header, client IP as seen my the F5 and the "real client IP" as seen by the WAF

     

    when HTTP_REQUEST {

    set RealClientIP [lindex [split [HTTP::header X-Forwarded-For] ","] end-1]

    set RealClientIP [string map {" " ""} $RealClientIP]

    log local0. " X-Forwarded-For: [HTTP::header X-Forwarded-For] Client IP [IP::client_addr] Real Client IP: $RealClientIP "

    }