Forum Discussion

Nimbostratus

Nov 17, 2011

iRule redirect via Geolocation

I'm looking to implement an iRule that leverages geolocation to redirect certain traffic from specific states. Since we leverage a CDN, I will need to use the X-Forwarded-For field for the incoming IP...

Cirrostratus

Nov 17, 2011

Hi zbirmingham,

There might be multiple XFF headers or multiple XFF values in a single header. And keep in mind that a client can insert any XFF value they want. With those in mind, how would you want to handle the XFF values if there are more than one?

Can you have the CDN change the name of the header they insert in their requests to something that isn't X-Forwarded-For? This would lower the chance of another proxy inserting a header with the same name (but not lower the chance that a malicious user could spoof their own header value to bypass your iRule logic).

If you move the code from the CLIENT_ACCEPTED event to the HTTP_REQUEST event, it would work if there is just one XFF value. But it would be better to use a switch statement so you're only running the whereis command once instead of twice.

Aaron

Forum Discussion

iRule redirect via Geolocation

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

iRule assistance for subfolder redirect

Simple HTTP::redirect iRule results in a reset

HTTP::redirect doesn't work for multiple conditions, URL redirect doesn't work using iRule

Need Irule for redirection for port translation

Create iRule 404 Page redirect