Forum Discussion

Annsar_Akhtar's avatar
Annsar_Akhtar
Icon for Nimbostratus rankNimbostratus
Oct 23, 2013

Irule query custom header

Hi Guys

 

We have requirement to capture the original client ip address but our hosted sites are proxied via Akamai who have an option to enable a custom header with the true client ip address.

 

Is it possible to look for a custom header with an irule and then pass that value into class match for evaluation?

 

My irule skills are very basic so not sure if something similar to below will work:

 

when HTTP_REQUEST { if { ( [HTTP::header exists custom header] ) } { set state [class match -value [whereis custom header state] equals data_group] switch $state { ..........

 

Thanks in advance

 

application delivery
devops
iRules

6 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 23, 2013

    You're pretty close. Try something like this:

    when HTTP_REQUEST {
    if { [HTTP::header exists AKAMAI_HEADER] } {
        if { [class match [HTTP::header AKAMAI_HEADER] equals my_data_group] } {
            set state [class match -value [HTTP::header AKAMAI_HEADER] equals my_data_group]
            switch $state {
                "value1" { }
                "value2" { }
                default {
                     what do you do if the data group value doesn't match one of your switch states?
                }
            }
        } else {
             what do you do if the AKAMAI header doesn't match a data group entry?                
        }
    } else {
         what do you do if the AKAMAI header doesn't exist?
    }
}
  • Annsar_Akhtar's avatar
    Annsar_Akhtar
    Icon for Nimbostratus rankNimbostratus
    Oct 23, 2013

    Thanks for that, I am hoping to enable the Akamai custom header tomorrow.

     

    Sorry another question is it possible to use the value captured for geo based targeting as ideally I would wanted to use the IP::client_addr so wondered if the value captured could be used to set the IP::client_addr if its possible ,i.e Akamai_header equals=IP::client_addr

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 23, 2013

    Are you asking if the client's source address can be altered with the HTTP header value, so that the value exists in the IP::client_addr value? If so, then no it cannot. Aside from being a potentially very dangerous thing to do, the source address is collected/evaluated at layer 3, while the HTTP header is collected much later at layer 7.

     

  • Annsar_Akhtar's avatar
    Annsar_Akhtar
    Icon for Nimbostratus rankNimbostratus
    Oct 23, 2013

    I think I might have found the answer to my question and possibly an irule I could potentially modify etc..on https://devcentral.f5.com/questions/geoip-redirection-irule:

         Parse the client IP from the CDN header
    set client_ip [HTTP::header value "Client-IP"]
    if { $client_ip eq "" }{
         The header was empty/did not exist, so use the actual client IP
        set client_ip [IP::client_addr]

    I dont know if the above is valid but if I am able to do something similar as what the client_ip is used for, then I could just replace with the Akamai_Header

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 23, 2013

    The above rule basically says, if the HTTP header "Client-IP" exists, use it. Otherwise use the client's true source. That will not, however, change the value of IP::client_addr], only the local variable.

     

  • Annsar_Akhtar's avatar
    Annsar_Akhtar
    Icon for Nimbostratus rankNimbostratus
    Oct 23, 2013

    Yeah I misread it but you have given me a good starting point to test with so will post back if I run into any issues thanks again for pointing me in the right direction