Forum Discussion

junior's avatar
junior
Icon for Nimbostratus rankNimbostratus
Jul 12, 2019

F5 APM - How to do IP Subnet match for IPs in header

Hi,

 

I have a flow where clients come in VIA Proxy. I cannot get there IP from network Layer. I need to go and get this from header (XFF). How can I do a IP subnet match on APM using the XFF header?

 

Thanks

  • add an iRule like that:

    when ACCESS_SESSION_STARTED {
    	ACCESS::session data set session.custom.xforwardedfor [HTTP::header X-Forwarded-For]
    }

    then add an Empty Box to your APM Policy, add a branch rule, then check the value against a subnet like that:

    expr {[IP::addr [mcget {session.custom.xforwardedfor}] equals "10.0.0.0/8"]}