Forum Discussion

Nimbostratus

Jul 12, 2019

F5 APM - How to do IP Subnet match for IPs in header

Hi,

I have a flow where clients come in VIA Proxy. I cannot get there IP from network Layer. I need to go and get this from header (XFF). How can I do a IP subnet match on APM using the XFF header?

Thanks

application delivery

BIG-IP Access Policy Manager (APM)

LTM

Faruk_AYDIN

Altostratus

Jul 12, 2019

add an iRule like that:

when ACCESS_SESSION_STARTED {
	ACCESS::session data set session.custom.xforwardedfor [HTTP::header X-Forwarded-For]
}

then add an Empty Box to your APM Policy, add a branch rule, then check the value against a subnet like that:

expr {[IP::addr [mcget {session.custom.xforwardedfor}] equals "10.0.0.0/8"]}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 APM - How to do IP Subnet match for IPs in header

Recent Discussions

F5 BOT DEFENSE AWAF blocked some legitimate browsers

Advice to partial rename uri path

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Submenus missing in ASM Security Tab

XC Bot defense question

Related Content

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP headers

APM IP Subnet Match - single IP list

(HTTP) Redirection via Arbitrary Host Header

Implementing Client Subnet DNS Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS