Forum Discussion
Alan_Millar
Nimbostratus
NimbostratusIP Filtering using Xff-clientip in iRule
We are currently using IP filtering for URIs like this:
} elseif { ([HTTP::uri] starts_with "/site") and ( [class match [IP::client_addr] equals management_IP])} {
use pool pSite
However we just started passing the traffic through a web security provider, so the source IP addresses are now the security provider IP. Is there a way we can use the X-Forwarded-For IP address in this kind of filtering?
You are right Stan! Thanks for the contribution.
, here is the new code:
when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/site") } { if {[HTTP::header exists "X-Forwarded-For"]} { set clientIP [string trim [getfield [HTTP::header value "X-Forwarded-For"] "," 1] " "] if { ([class match $clientIP equals management_IP]) } { pool pSite } } else { pool pSite } } }KR,
Dario.
Hello Alan.
Try with this code:
when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/site") } { if {[HTTP::header exists "X-Forwarded-For"]} { set clientIPList [split [HTTP::header value "X-Forwarded-For"] ","] set clientIP [lindex $ipList 0] if { ([class match $clientIP equals management_IP]) } { pool pSite } } else { pool pSite } } }KR,
Dario.
Stanislas_Piro2Cumulonimbus
2 optimizations to your code:
- use getfield command instead of split / lindex
- use string trim command on the result to make sure there is no space before the comma
You are right Stan! Thanks for the contribution.
, here is the new code:
when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/site") } { if {[HTTP::header exists "X-Forwarded-For"]} { set clientIP [string trim [getfield [HTTP::header value "X-Forwarded-For"] "," 1] " "] if { ([class match $clientIP equals management_IP]) } { pool pSite } } else { pool pSite } } }KR,
Dario.
