Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Red_19's avatar
Red_19
Icon for Nimbostratus rankNimbostratus
Apr 08, 2019

iRule to retrieve the first IP from an HTTP header

Requirement: client traffic will have a header named "Client_IP_XFF" which will have more than 1 IP. They want the LTM to retrieve the first IP from this header and insert it into X-Forwarded-For hea...
application delivery
irules
Lee_Sutcliffe's avatar
Lee_Sutcliffe
Icon for Nacreous rankNacreous
Apr 08, 2019

You need to convert the multiple IP addresses into a TCL list using '

,
' as a delimiter. Then use 
lindex
to return the first element.

I've modified your iRule a bit, try the following and let me know how you get on.

when HTTP_REQUEST {

     remove XFF header, will inset this again later
    if {[HTTP::header exists "X-Forwarded-For"]} {
        HTTP::header remove "X-Forwarded-For"
    }

    if {[HTTP::header exists "Client_IP_XFF"]}{
         split Client_IP_XFF value into a list
        set ipList [split [HTTP::header value "Client_IP_XFF"] ","]
         use first element of list for XFF value
        HTTP::header insert "X-Forwarded-For" [lindex $ipList 0] 
    } else {
        HTTP::header insert "X-Forwarded-For" [getfield [IP::client_addr] % 1] 
    } 
}