Forum Discussion

Andrew_7467
Sep 08, 2011

Insert something into header to distinguish public and private IP Addresses

All, I am working with our developers and need some assistance. What they would like to do is insert a custom header based on the client address. If it is RFC1918 addresses (172.18.0.0, 192.168.0.0, 10.0.0.0 addresses) they don't have to validate the user. Any other address is seen as an external user and we would like to have a custom header inserted. If they find this header on any packet, we assume the request is an external user attempting to access an internal resource, so we do validation against that user.

I tried this but I don't think this is what I am looking for, as far as a custom header and it is not passing validation within iRule editor.

when CLIENT_ACCEPTED {
   if {[IP::addr[IP::remote_addr] equals 172.18.0.0 255.0.0.0] or [IP::addr[IP::remote_addr] equals 10.0.0.0 255.0.0.0]}{
      HTTP::header insert ["internal_user"]
   }else {
      HTTP::header insert ["external_user"]
   }
}

 


Any ideas? Hopefully someone has seen this before.

Thanks...

Andy

  • Hi Andy,

    Can you try this:

    
    when CLIENT_ACCEPTED {
       if { [IP::addr [IP::remote_addr] equals 172.16.0.0/12] or [IP::addr [IP::remote_addr] equals 10.0.0.0/8]}{
          HTTP::header insert "user_type" "internal_user"
       } else {
          HTTP::header insert "user_type" "external_user"
       }
    }
    

    I think you had a few issues with the masks in the IP::addr command, spaces around the brackets and needing a header name and value for the HTTP::header insert command.

    If this doesn't work, can you post the error from the iRule editor?

    Aaron
  • Hey Hoolio thanks so much!

    Most of my errors have gone away now, except on line 3 I am still getting the following:

    line 3: [command is not valid in current event context (CLIENT_ACCEPTED)] [HTTP::header insert "user_type" "internal_user"]
  • Hi Andrew,

    That must have been a typo. You can just change the event from CLIENT_ACCEPTED to HTTP_REQUEST. The HTTP::header command is only listed as valid in the following events:

    Valid Events:

    CACHE_REQUEST, CACHE_RESPONSE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, REWRITE_REQUEST_DONE, SERVER_CONNECTED

    http://devcentral.f5.com/wiki/iRules.HTTP__header.ashx
  • Awesome! Michael and Hoolio, thanks a bunch to both of you. I guess I was missing the target but hitting the tree. DevCentral rocks. Moving on to acceptance testing and will let you know how that goes.

    Andy
  • Posted By Michael Yates on 09/09/2011 10:51 AM

    Hi Andrew,

    That must have been a typo.

    Yep :). Thanks for correcting that.

    Aaron
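
The rule the thread converges on, written out as an added example that is not taken from any post above: it uses the HTTP_REQUEST event and covers all three RFC 1918 ranges named in the question. Removing any client-supplied copy of the header first is an assumption about the desired behaviour, added so the application only sees the value set by the iRule.

```tcl
# Added example, not code from any post in this thread.
when HTTP_REQUEST {
    # Assumption: the application trusts "user_type", so drop any copy
    # the client sent before setting our own value.
    HTTP::header remove "user_type"

    # RFC 1918 private ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
    if { [IP::addr [IP::remote_addr] equals 10.0.0.0/8] or
         [IP::addr [IP::remote_addr] equals 172.16.0.0/12] or
         [IP::addr [IP::remote_addr] equals 192.168.0.0/16] } {
        HTTP::header insert "user_type" "internal_user"
    } else {
        HTTP::header insert "user_type" "external_user"
    }
}
```

The classification is based on the source address of the TCP connection as the BIG-IP sees it. If requests reach the virtual server through an upstream proxy or NAT device, every request carries that device's address and will be classified accordingly.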