Forum Discussion

Jibinpv_254622's avatar
Jibinpv_254622
Icon for Nimbostratus rankNimbostratus
Jun 07, 2018

Logging X-Forwarded ip address on ltm logs via irule.

Hi Team, Im in a situation where have tried almost all the ways to log the X-forwarded ip address on the LTM logs ,well so far no success. Have used the below irule - It is still picking the physical ip address of the connection.

 

when HTTP_REQUEST

 

{ log local0. "SOURCE_IP=[HTTP:Header X-Forwarded-For] HOST=[HTTP::host] URI=[HTTP::uri] LB=[LB::server] User-Agent=[HTTP::header User-Agent] SSL_VERSION=[SSL::cipher version] CIPHER=[SSL::cipher name] BITS=[SSL::cipher bits]" }

 

Any thoughts from you all will be of great help

 

application delivery
LTM
  • leonline_225556's avatar
    leonline_225556
    Icon for Altostratus rankAltostratus
    Jun 07, 2018

    Hi Jibinpv,

    You have used HTTP:Header which should be HTTP::header. So please use [HTTP::header X-Forwarded-For]

    Try this iRule to get all the HTTP request headers in /var/log/ltm

    when HTTP_REQUEST 
{
    log local0. "============================================="
    foreach arrayHeaders [HTTP::header names] 
    {
        log local0. "$arrayHeaders: [HTTP::header value $arrayHeaders]"
    }
    log local0. "============================================="
}
    • Jibinpv's avatar
      Jibinpv
      Icon for Nimbostratus rankNimbostratus
      Jun 07, 2018

      Hi Leoline,

       

      Apologies ,that was a typo from me while copy pasted here. The actual config includes [HTTP::header X-Forwarded-For]. Also I have tried the suggest irule too which given me a TCL error.

       

      TCL error: - can't read "arrayHeaders": no such variable while executing "log local0. "$arrayHeaders: [HTTP::header value $arrayHeaders]

       

    • leonline_225556's avatar
      leonline_225556
      Icon for Altostratus rankAltostratus
      Jun 07, 2018

      Hi Jibinpv,

       

      Which version are you running? Are you using a standard vs with http profile enabled?

       

    • Sunny_291145's avatar
      Sunny_291145
      Icon for Nimbostratus rankNimbostratus
      Jun 07, 2018

      You can replace arrayHeaders with aHeader

       

      Which looks like

       

      when HTTP_REQUEST { log local0. "=============================================" foreach aHeader [HTTP::header names] { log local0. "$aHeader: [HTTP::header value $aHeader]" } log local0. "=============================================" }

       

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Jun 07, 2018

    Hi,

    try this, you will retrieve XFF Info:

        when HTTP_REQUEST {
    if { [HTTP::header exists X-Forwarded-For] } {
        log local0. "Received XFF from [IP::client_addr]: [HTTP::header X-Forwarded-For]"    
    }
}
  • Sunny_291145's avatar
    Sunny_291145
    Icon for Nimbostratus rankNimbostratus
    Jun 07, 2018

    I am using below irule which is working fine to me

     

    when HTTP_REQUEST { set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]" log local0. "=============================================" log local0. "$LogString (request)" foreach aHeader [HTTP::header names] { log local0. "$aHeader: [HTTP::header value $aHeader]" } log local0. "=============================================" } when HTTP_RESPONSE { log local0. "=============================================" log local0. "$LogString (response) - status: [HTTP::status]" foreach aHeader [HTTP::header names] { log local0. "$aHeader: [HTTP::header value $aHeader]" } log local0. "============================================="

     

    }