For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jzitnik's avatar
jzitnik
Icon for Nimbostratus rankNimbostratus
Aug 15, 2024
Solved

Header injection rule

Hello everyone. I need to make a rule that injects a header value based on the presence of specific client side IP addresses 192.168.0.1, 192.168.0.2, 192.168.0.3 Etc..   What I think it would be ...
application delivery
  • Paulius's avatar
    Paulius
    Aug 16, 2024

    I believe the following should work for you and you shouldn't need X-Forwarded-For.

    when HTTP_REQUEST priority 500 {

    if { [class match -- [IP::client_addr] equals "datagroup_name" ] } {
        HTTP::header insert proxy_action "trusted"
    }

    if { [HTTP::host] eq "myhost.mydomain.com" } {
        pool MYPOOL
    }

}

     

jzitnik's avatar
jzitnik
Icon for Nimbostratus rankNimbostratus
Aug 15, 2024

sorry I think this should be 

when HTTP_REQUEST {
       if { [HTTP::host] eq "myhost.mydomain.com" } {
       pool MYPOOL
       }
       if { [class match [IP::client_addr] equals "datagroup_name" ] } {
        HTTP::header insert "valuename" "trusted"
        }

Aswin_mk's avatar
Aswin_mk
Icon for MVP rankMVP
Aug 17, 2024

Is it worked after applying irules. Please let me know the working status

 

Br

Aswin 

  • jzitnik's avatar
    jzitnik
    Icon for Nimbostratus rankNimbostratus
    Aug 19, 2024

    The irule worked.  We had a check on the proxy that allowed or denied based on the value and it worked.  We had a different issue that caused a different problem, although it did help us figure out another issue we were not aware of.  Thanks everyone for your help.