Forum Discussion

vikas_goel_1813
May 09, 2018

How to block embedded IP in http header

I have a virtual server which is getting a lot of traffic from a malicious IP. We are doing X-Forwarded-For on that virtual server. The IP is embedded in the HTTP header. I need to block the embedded IP and continue sending X-Forwarded-For for legitimate IPs. Below is a sample:

 

X-MS-Forwarded-Client-IP: 113.61.46.130, X-MS-Client-Application: Microsoft.Exchange.SMTP, X-Forwarded-For: 52.98.65.21

 

I want to block IP 113.61.46.130

 

I am using LTM version 13.0.0. Please help me block it.

 

  • I have configured the iRule below, but it doesn't seem to work

     

    when HTTP_REQUEST {
      if {[matchclass [IP::client_addr] equals DATA-Group-Name] } {
        drop
      } else {
        HTTP::header insert X-Forwarded-For [IP::remote_addr]
      }
    }

     

  • If the original IP address is not on the client side then try this.

    when HTTP_REQUEST {
      # Match on the address carried in the header, not the connecting peer
      if {[HTTP::header X-MS-Forwarded-Client-IP] starts_with "113.61.46.130" } {
        drop
      }
    }
    

    If that works then build your iRule out from that logic. If you need the first field use getfield and comma as a delimiter.

  • I figured out the iRule from another post and it's working fine

     

    when HTTP_REQUEST {
      foreach axff [HTTP::header values X-MS-Forwarded-Client-IP] {
        foreach anip [split [string map {" " ""} $axff] ","] {
          if { [class match -- $anip equals DG-Group-NAME] } {
            log local0. "$anip is rejected"
            reject
            return
          }
        }
      }
    }
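
Added example, not written by any poster in this thread: an iRule that covers both halves of the original question, rejecting a request when any address in X-MS-Forwarded-Client-IP is in a block list and inserting X-Forwarded-For for everything else. The data group name `blocked_client_ips` is hypothetical and is assumed to be an address-type data group.

```tcl
when HTTP_REQUEST {
    # Assumption: blocked_client_ips is an address-type data group you created
    # (hypothetical name) holding the hosts or subnets to block.
    foreach hdr [HTTP::header values X-MS-Forwarded-Client-IP] {
        # One header instance may carry several comma-separated addresses.
        foreach ip [split $hdr ","] {
            set ip [string trim $ip]
            if { $ip eq "" } { continue }
            # The header value is supplied by the sender and may not be a valid
            # address. Catch any Tcl error from class match so a malformed
            # value does not abort the rule.
            if { [catch { class match -- $ip equals blocked_client_ips } hit] } {
                # Do not log the raw value: it is untrusted input.
                log local0. "Unparseable X-MS-Forwarded-Client-IP value, peer [IP::client_addr]"
                continue
            }
            if { $hit } {
                log local0. "Rejected: $ip is in blocked_client_ips, peer [IP::client_addr]"
                reject
                return
            }
        }
    }
    # Not blocked: keep passing the connecting address to the pool member.
    HTTP::header insert X-Forwarded-For [IP::client_addr]
}
```

Because X-MS-Forwarded-Client-IP is set by whatever sits in front of the BIG-IP, this check is only as reliable as that upstream hop; a sender that can write the header itself can also omit the blocked address.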