Forum Discussion

Nimbostratus

Jul 12, 2019

F5 APM - How to do IP Subnet match for IPs in header

Hi, I have a flow where clients come in VIA Proxy. I cannot get there IP from network Layer. I need to go and get this from header (XFF). How can I do a IP subnet match on APM using the XFF hea...

application delivery

BIG-IP Access Policy Manager (APM)

LTM

Faruk_AYDIN

Altostratus

Jul 12, 2019

add an iRule like that:

when ACCESS_SESSION_STARTED {
	ACCESS::session data set session.custom.xforwardedfor [HTTP::header X-Forwarded-For]
}

then add an Empty Box to your APM Policy, add a branch rule, then check the value against a subnet like that:

expr {[IP::addr [mcget {session.custom.xforwardedfor}] equals "10.0.0.0/8"]}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 APM - How to do IP Subnet match for IPs in header

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Recommendation for Adv. Lab

Cloud Apps Protection

Illigal Parameter addition as custom signature set wanted to Unblock

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Connection Rate Limit with log output

Related Content

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

Re: F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP header

Using Client Subnet in DNS Requests

APM IP Subnet Match - single IP list

Implementing Client Subnet DNS Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS