Forum Discussion

Nimbostratus

Aug 04, 2011

iRule to Filter on X-Netli-Forward-For value

I am trying to create an iRule that will look at the X-Netli-Forward-For value, and if it matches an IP address, it is forwarded on, if it does not, it is dropped. Basically, I only want to allow a gl...

Cirrostratus

Aug 04, 2011

If you create an address type datagroup you can use an iRule like this. Keep in mind that users can insert any arbitrary header. So if someone knew you were using this kind of logic they could bypass it.


when HTTP_REQUEST {

    Check if the XFF header is set and not null
   if {[HTTP::header X-Netli-Forward-For] ne ""}{

       Look up the value in the allowed_ips_class datagroup
      if {not [class match [IP::client_addr] equals allowed_ips_class]}{

  Reset the connection
 reject
      }
   }
}

Aaron

Forum Discussion

iRule to Filter on X-Netli-Forward-For value

Recent Discussions

I RECOVERED MY DIGITAL ASSETS LOST TO FAKE FOREX BROKER

Learn & Recover stolen or lost cryptocurrency with Mighty Hacker Yuri

Cookie insert via http:redirect - can it be configured "secure"?

health monitor without hostname

Pulse secure Ssl vpn

Related Content

IP Filtering using Xff-clientip in iRule

Custom error page iRule with IP address filtering

Filter to allow certain URL/URI

iRULE regsub error

owa iapp assign irule