For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jzitnik's avatar
jzitnik
Icon for Nimbostratus rankNimbostratus
Aug 15, 2024
Solved

Header injection rule

Hello everyone. I need to make a rule that injects a header value based on the presence of specific client side IP addresses 192.168.0.1, 192.168.0.2, 192.168.0.3 Etc..   What I think it would be ...
application delivery
  • Paulius's avatar
    Paulius
    Aug 16, 2024

    I believe the following should work for you and you shouldn't need X-Forwarded-For.

    when HTTP_REQUEST priority 500 {

    if { [class match -- [IP::client_addr] equals "datagroup_name" ] } {
        HTTP::header insert proxy_action "trusted"
    }

    if { [HTTP::host] eq "myhost.mydomain.com" } {
        pool MYPOOL
    }

}

     

jzitnik's avatar
jzitnik
Icon for Nimbostratus rankNimbostratus
Aug 15, 2024

I see that article.  I see how to insert a custom header.  I don't see how to insert a custom header based on the client request of a specific address. 

If host = mypubliccnametoaddress.mydomain.com

if address is member of address group

insert value

We're already getting the X-Forward-For address, what we need to do is look at that address, and if the X-Forward-For address matches the four addresses we want to allow, and the traffic is bound for a specific pool, insert a value.  If not, do nothing.  Once the traffic passes through the F5, our proxy looks for the inserted value and allows or denies based on the request.