Forum Discussion

EBS_Support_258's avatar
EBS_Support_258
Icon for Nimbostratus rankNimbostratus
Dec 06, 2007

How to use IRule to determine client ip after pass through Proxy

Hi All,

 

 

I'm very new to F5 products and thus know only a little about iRules.

 

 

I use this irule to load balance my HTTP traffic

 

 

(x.x.x.x) is IP for exclusive that will use pool A and others will use pool B

 

 

when CLIENT_ACCEPTED {

 

if { [IP::addr [IP::remote_addr] equals x.x.x.x]}

 

{

 

pool Pool_A

 

}

 

else {

 

pool Pool_B

 

}

 

}

 

 

Later, There is a proxy coming and now exclusive and others have the same IP after pass through proxy.

 

I try to search this forum and found I have to do something with "X-Forwarded-For" but I don't know exactly what to do.

 

 

Could anyone guide me through this ?

 

 

Best Regards,
application delivery
dev
devops
iRules
  • Patrick_Chang_7's avatar
    Patrick_Chang_7
    Historic F5 Account
    Dec 06, 2007
    X-Forwarded-For is what F5 can add to the headers when it is the proxy. It sounds like you are talking about another device that is acting as a proxy. Check to see if that proxy adds a custom header that you can use to read the IP address. Standard practice is to do so, but the header name is no universal. Many use X-Forwarded-For and many use X-Remote-Addr. If the proxy does not add such a header, you must find something else besides IP address to identify your users.
  • EBS_Support_258's avatar
    EBS_Support_258
    Icon for Nimbostratus rankNimbostratus
    Dec 06, 2007

    Posted By pchang on 12/05/2007 10:11 PM

     

    X-Forwarded-For is what F5 can add to the headers when it is the proxy. It sounds like you are talking about another device that is acting as a proxy. Check to see if that proxy adds a custom header that you can use to read the IP address. Standard practice is to do so, but the header name is no universal. Many use X-Forwarded-For and many use X-Remote-Addr. If the proxy does not add such a header, you must find something else besides IP address to identify your users.

     

     

     

    Thanks for your reply,

     

     

    If the proxy (In this case is BlueCoat) is add X-Remote-Addr header, then how to configure F5 to use it ?
  • Nicolas_Berthie's avatar
    Nicolas_Berthie
    Historic F5 Account
    Dec 06, 2007
    Bluecoat proxy can add X-Forwarded-For header that is "de facto" standard header to insert real client IP address. If header inserted is "X-Remote-Addr" you can use this iRule :

     

     

    when HTTP_REQUEST {

     

    if { [HTTP::header "X-Remote-Addr"] equals "x.x.x.x"}

     

    {

     

    pool Pool_A

     

    }

     

    else

     

    {

     

    pool Pool_B

     

    }

     

    }

     

     

    Hope this help.

     

     

    Regards,

     

     

    Nicolas