Forum Discussion

zbirmingham's avatar
zbirmingham
Icon for Nimbostratus rankNimbostratus
Nov 17, 2011

iRule redirect via Geolocation

I'm looking to implement an iRule that leverages geolocation to redirect certain traffic from specific states. Since we leverage a CDN, I will need to use the X-Forwarded-For field for the incoming IP...
application delivery
dev
devops
iRules
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Nov 17, 2011
Hi zbirmingham,

 

 

There might be multiple XFF headers or multiple XFF values in a single header. And keep in mind that a client can insert any XFF value they want. With those in mind, how would you want to handle the XFF values if there are more than one?

 

 

Can you have the CDN change the name of the header they insert in their requests to something that isn't X-Forwarded-For? This would lower the chance of another proxy inserting a header with the same name (but not lower the chance that a malicious user could spoof their own header value to bypass your iRule logic).

 

 

If you move the code from the CLIENT_ACCEPTED event to the HTTP_REQUEST event, it would work if there is just one XFF value. But it would be better to use a switch statement so you're only running the whereis command once instead of twice.

 

 

Aaron