Forum Discussion

Nimbostratus

Aug 04, 2011

iRule to Filter on X-Netli-Forward-For value

I am trying to create an iRule that will look at the X-Netli-Forward-For value, and if it matches an IP address, it is forwarded on, if it does not, it is dropped. Basically, I only want to allow a gl...

Cirrostratus

Aug 04, 2011

If you create an address type datagroup you can use an iRule like this. Keep in mind that users can insert any arbitrary header. So if someone knew you were using this kind of logic they could bypass it.


when HTTP_REQUEST {

    Check if the XFF header is set and not null
   if {[HTTP::header X-Netli-Forward-For] ne ""}{

       Look up the value in the allowed_ips_class datagroup
      if {not [class match [IP::client_addr] equals allowed_ips_class]}{

  Reset the connection
 reject
      }
   }
}

Aaron

Forum Discussion

iRule to Filter on X-Netli-Forward-For value

Recent Discussions

APM parse HTTP Connector json to message box, iRule etc.

Cannot turn off strict updates

Mix NTLMv2 & Kerberos SSO in the same policy for different sub-URL

Nature's Leaf CBD Gummies Is Right For You See Here

Custom https health monitor

Related Content

Non-English DNS Request filtering via iRules

Intermediate iRules: Iteration

irules

iRules LX Sideband Connection

Re: Getting Started with iRules: Events & Priorities