Forum Discussion
Alan_Millar
Nimbostratus
NimbostratusIP Filtering using Xff-clientip in iRule
We are currently using IP filtering for URIs like this: } elseif { ([HTTP::uri] starts_with "/site") and ( [class match [IP::client_addr] equals management_IP])} { use pool pSite ...
You are right Stan! Thanks for the contribution.
, here is the new code:
when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/site") } { if {[HTTP::header exists "X-Forwarded-For"]} { set clientIP [string trim [getfield [HTTP::header value "X-Forwarded-For"] "," 1] " "] if { ([class match $clientIP equals management_IP]) } { pool pSite } } else { pool pSite } } }KR,
Dario.
Hello Alan.
Try with this code:
when HTTP_REQUEST {
if { ([HTTP::uri] starts_with "/site") } {
if {[HTTP::header exists "X-Forwarded-For"]} {
set clientIPList [split [HTTP::header value "X-Forwarded-For"] ","]
set clientIP [lindex $ipList 0]
if { ([class match $clientIP equals management_IP]) } {
pool pSite
}
} else {
pool pSite
}
}
}KR,
Dario.
Stanislas_Piro2
Cumulonimbus
Cumulonimbus2 optimizations to your code:
- use getfield command instead of split / lindex
- use string trim command on the result to make sure there is no space before the comma
You are right Stan! Thanks for the contribution.
, here is the new code:
when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/site") } { if {[HTTP::header exists "X-Forwarded-For"]} { set clientIP [string trim [getfield [HTTP::header value "X-Forwarded-For"] "," 1] " "] if { ([class match $clientIP equals management_IP]) } { pool pSite } } else { pool pSite } } }KR,
Dario.
- Stanislas_Piro2
From tcl string wiki
string trim string ?chars?
Returns a value equal to string except that any leading or trailing characters present in the string given by chars are removed. If chars is not specified then white space is removed (spaces, tabs, newlines, and carriage returns).
So no need to define the space in string trim command...
Alan_MillarThis is working properly, thank you for the help!