HTTP header searching

Question

Hi all.&nbsp;
&nbsp;Can someone help me with my understanding of searching http headers using iRules please?&nbsp;
&nbsp;I have a pool that inserts this in the http header:
&nbsp;ConnectionSourceIP:${client_addr}&nbsp;
&nbsp;What I want to do is with an iRule check for the existence of this in the header before the pool, and discard. i.e.&nbsp;
&nbsp;if (exists http_header "ConnectionSourceIP") {
&nbsp;  log "IP Header Spoof from:${client_addr}"
&nbsp;  discard
&nbsp;}
&nbsp;else {
&nbsp; use pool pool_1
&nbsp;}&nbsp;
&nbsp;sort of thing. What I want to do is stop someone trying to spoof source IP address as this header field will be checked by the web application.&nbsp;
&nbsp;Any ideas? Will this work or is there a better way?&nbsp;
&nbsp;Thanks
&nbsp; - Derek.

martin_machacek · Answer

Derek,&nbsp;
&nbsp;your solution should work. It is by no means a bullet proof security, but detecting that somebody is trying to send you headers that (s)he has no business knowing about is a good indication of attack attempts.

derek_nelson_10 · Answer

Great feedback. Thanks.&nbsp;
&nbsp;A final question is:&nbsp;
&nbsp;Do I have to add a space character in the insertion, after the colon?
&nbsp;i.e. ConnectionSourceIP: ${client_addr} 
&nbsp;  or would 
&nbsp;ConnectionSourceIP:${client_addr}
&nbsp;  still work?&nbsp;
&nbsp;I haven't tried to do fake header insertion (not quite sure how to do this yet) to test...&nbsp;
&nbsp;Cheers,
&nbsp; - Derek.

derek_nelson_10 · Answer

Thanks. I was thinking more of for the iRule that checks for existence of the header. If the header is inserted without a space after the colon does it cause problems? or does some protocol magic put one in, etc?&nbsp;
&nbsp;Thanks,
&nbsp; - Derek.

martin_machacek · Answer

In general BIG-IP follows syntax rules defined in RFC2616 when parsing HTTP requests and responses. All it needs to see in order to detect presence of a header is "header_name:" at the beginning of a line. The rest of the line does not matter. BTW, header matching is case in-sensitive.

Forum Discussion

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

IPv8 Would Fix My Routing Tables. It Will Never Ship.

Recent Discussions

Related Content

Log Http Headers

(HTTP) Redirection via Arbitrary Host Header

F5 XC Distributed Cloud HTTP Header/Cookie manipulations and using the client ip/user headers

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

F5 HTTPS Redirect 2025