Forum Discussion

jzitnik's avatar
jzitnik
Icon for Nimbostratus rankNimbostratus
Aug 15, 2024

Header injection rule

Hello everyone. I need to make a rule that injects a header value based on the presence of specific client side IP addresses 192.168.0.1, 192.168.0.2, 192.168.0.3 Etc..   What I think it would be ...
application delivery
  • Paulius's avatar
    Paulius
    Aug 16, 2024

    I believe the following should work for you and you shouldn't need X-Forwarded-For.

    when HTTP_REQUEST priority 500 {

    if { [class match -- [IP::client_addr] equals "datagroup_name" ] } {
        HTTP::header insert proxy_action "trusted"
    }

    if { [HTTP::host] eq "myhost.mydomain.com" } {
        pool MYPOOL
    }

}

     

jzitnik's avatar
jzitnik
Icon for Nimbostratus rankNimbostratus
Aug 15, 2024

I see that article.  I see how to insert a custom header.  I don't see how to insert a custom header based on the client request of a specific address. 

If host = mypubliccnametoaddress.mydomain.com

if address is member of address group

insert value

We're already getting the X-Forward-For address, what we need to do is look at that address, and if the X-Forward-For address matches the four addresses we want to allow, and the traffic is bound for a specific pool, insert a value.  If not, do nothing.  Once the traffic passes through the F5, our proxy looks for the inserted value and allows or denies based on the request.