Forum Discussion
JustCooLpOOLe
Cirrocumulus
CirrocumulusMultiple IPs coming in the client_addr and remote_addr header fields
I'm trying to write an iRule that only places a single IP address in the X-FORWARDED-FOR header. I am using the one below but we are seeing rare cases where the client_addr or remote_addr fields are coming in with multiple IP addresses and we want only one. Any help on suggestions to alter the iRule to always bring in the left most IP address would be greatly appreciated.
when HTTP_REQUEST {
log local0. "Client IP: [IP::client_addr], XFF: [HTTP::header X-Forwarded-For]"
if { [HTTP::header exists X-Forwarded-For] } {
If multiple IPs exist in header, strip out and replace with Original Client IP
log local0. "Too much in header...replace"
HTTP::header replace X-Forwarded-For "[IP::remote_addr]"
}
else {
If nothing in header, add Original Client IP
log local0. "Nothing in Header"
HTTP::header insert X-Forwarded-For [IP::remote_addr]
}
log local0. "[HTTP::header X-Forwarded-For]"
}
dragonflymrCirrostratus
Hi,
First of all there is no way that [IP::remote_addr] can return multiple IPs - just not possible with TCP.
I guess your conclusion is based on the fact that request arriving to the backend host is still containing multiple XFF headers.
Reason is simple, if original request contains multiple XFF headers then HTTP::header replace is just replacing value/s in last XFF header.
Use combination of:
HTTP::header remove X-Forwarded-Forfollowed by:
HTTP::header insert X-Forwarded-For [IP::remote_addr]Piotr