Forum Discussion

Nimbostratus

Jul 12, 2019

F5 APM - How to do IP Subnet match for IPs in header

Hi, I have a flow where clients come in VIA Proxy. I cannot get there IP from network Layer. I need to go and get this from header (XFF). How can I do a IP subnet match on APM using the XFF hea...

application delivery

BIG-IP Access Policy Manager (APM)

LTM

Faruk_AYDIN

Nimbostratus

Jul 12, 2019

add an iRule like that:

when ACCESS_SESSION_STARTED {
	ACCESS::session data set session.custom.xforwardedfor [HTTP::header X-Forwarded-For]
}

then add an Empty Box to your APM Policy, add a branch rule, then check the value against a subnet like that:

expr {[IP::addr [mcget {session.custom.xforwardedfor}] equals "10.0.0.0/8"]}

Forum Discussion

F5 APM - How to do IP Subnet match for IPs in header

Recent Discussions

ASM Bot Defense JS and CSP

iRule interpretation assistance

CWE-20: Improper Input Validation

Errors in setup of BIGIP-NEXT CM VE on KVM

SEEK ADVICE FROM WEB BAILIFF CONTRACTOR ON STOLEN CRYPTO

Related Content

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

Re: F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP header

Security headers

Remove subnet from NAT pools without any impact

Implementing Client Subnet DNS Requests