Forum Discussion

Tony2020

Nimbostratus

Jun 27, 2016

Parse XFF header for Client IP and allow based on URI and DataGroup match

Hi Guys, I am trying to restrict access to certain URIs and looking at the XFF header (read/strip) from an iRule but having issue paring the IPs from XFF to make logical decision off of it. B...

devops

iRules

Vijay_E

Cirrus

Jun 27, 2016

when HTTP_REQUEST {
 if { [class match [HTTP::uri] eq "CLASS_RESTRICTED_URI"] } {
    if { ([HTTP::header exists "X-Forwarded-For"]) and ([HTTP::header values X-Forwarded-For] ne "") and ([class match [getfield [HTTP::header values X-Forwarded-For] " " 1] eq "CLASS_RFC1918"]) } {
    log local0."[HTTP::header X-Forwarded-For]"
    pool POOL_WEB_SERVERS
  } else {
    drop
  }
}
}

Another possible option:

when HTTP_REQUEST {
 if { [class match [HTTP::uri] eq "CLASS_RESTRICTED_URI"] } {
    if { ([HTTP::header exists "X-Forwarded-For"]) and ([HTTP::header values X-Forwarded-For] ne "") and ([class match [lindex [split [HTTP::header values X-Forwarded-For] " "] 0] eq "CLASS_RFC1918"]) } {
    log local0."[HTTP::header X-Forwarded-For]"
    pool POOL_WEB_SERVERS
  } else {
    drop
  }
}
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)