F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

junior's avatar
junior
Icon for Nimbostratus rankNimbostratus
Jul 12, 2019

F5 APM - How to do IP Subnet match for IPs in header

Hi,   I have a flow where clients come in VIA Proxy. I cannot get there IP from network Layer. I need to go and get this from header (XFF). How can I do a IP subnet match on APM using the XFF hea...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
Faruk_AYDIN's avatar
Faruk_AYDIN
Icon for Altostratus rankAltostratus
Jul 12, 2019

add an iRule like that:

when ACCESS_SESSION_STARTED {
	ACCESS::session data set session.custom.xforwardedfor [HTTP::header X-Forwarded-For]
}

then add an Empty Box to your APM Policy, add a branch rule, then check the value against a subnet like that:

expr {[IP::addr [mcget {session.custom.xforwardedfor}] equals "10.0.0.0/8"]}