Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Tony2020's avatar
Tony2020
Icon for Nimbostratus rankNimbostratus
Jun 27, 2016

Parse XFF header for Client IP and allow based on URI and DataGroup match

Hi Guys,   I am trying to restrict access to certain URIs and looking at the XFF header (read/strip) from an iRule but having issue paring the IPs from XFF to make logical decision off of it.   B...
devops
irules
Vijay_E's avatar
Vijay_E
Icon for Cirrus rankCirrus
Jun 27, 2016
when HTTP_REQUEST {
 if { [class match [HTTP::uri] eq "CLASS_RESTRICTED_URI"] } {
    if { ([HTTP::header exists "X-Forwarded-For"]) and ([HTTP::header values X-Forwarded-For] ne "") and ([class match [getfield [HTTP::header values X-Forwarded-For] " " 1] eq "CLASS_RFC1918"]) } {
    log local0."[HTTP::header X-Forwarded-For]"
    pool POOL_WEB_SERVERS
  } else {
    drop
  }
}
}

Another possible option:

when HTTP_REQUEST {
 if { [class match [HTTP::uri] eq "CLASS_RESTRICTED_URI"] } {
    if { ([HTTP::header exists "X-Forwarded-For"]) and ([HTTP::header values X-Forwarded-For] ne "") and ([class match [lindex [split [HTTP::header values X-Forwarded-For] " "] 0] eq "CLASS_RFC1918"]) } {
    log local0."[HTTP::header X-Forwarded-For]"
    pool POOL_WEB_SERVERS
  } else {
    drop
  }
}
}