Forum Discussion

jzitnik's avatar
jzitnik
Icon for Nimbostratus rankNimbostratus
Aug 15, 2024

Header injection rule

Hello everyone. I need to make a rule that injects a header value based on the presence of specific client side IP addresses 192.168.0.1, 192.168.0.2, 192.168.0.3 Etc..   What I think it would be ...
application delivery
  • Paulius's avatar
    Paulius
    Aug 16, 2024

    I believe the following should work for you and you shouldn't need X-Forwarded-For.

    when HTTP_REQUEST priority 500 {

    if { [class match -- [IP::client_addr] equals "datagroup_name" ] } {
        HTTP::header insert proxy_action "trusted"
    }

    if { [HTTP::host] eq "myhost.mydomain.com" } {
        pool MYPOOL
    }

}

     

jzitnik's avatar
jzitnik
Icon for Nimbostratus rankNimbostratus

sorry I think this should be 

when HTTP_REQUEST {
       if { [HTTP::host] eq "myhost.mydomain.com" } {
       pool MYPOOL
       }
       if { [class match [IP::client_addr] equals "datagroup_name" ] } {
        HTTP::header insert "valuename" "trusted"
        }

Paulius's avatar
Paulius
Icon for MVP rankMVP
Aug 16, 2024

I believe the following should work for you and you shouldn't need X-Forwarded-For.

when HTTP_REQUEST priority 500 {

    if { [class match -- [IP::client_addr] equals "datagroup_name" ] } {
        HTTP::header insert proxy_action "trusted"
    }

    if { [HTTP::host] eq "myhost.mydomain.com" } {
        pool MYPOOL
    }

}

 

  • jzitnik's avatar
    jzitnik
    Icon for Nimbostratus rankNimbostratus
    Aug 19, 2024

    What do the two "--" do after the class match?

    • Paulius's avatar
      Paulius
      Icon for MVP rankMVP
      Aug 20, 2024

      Doesn't allow argument injection, so terminates options.