ant77
Aug 30, 2021

Persist profile using XFF to read client IP address

Hi All,

Based on what we are using below, traffic to our website goes through a CDN that changes the "real" client's IP address to their proxy IP, so we can't use source-client IP persistency on the F5 because of this. What we are doing below is using an iRule to read the XFF header and, based on the XFF header, we load balance to both server A/B based on the unique client IP.

So the question here is: is there a way I can also match a single IP address from the XFF (example 200.200.200.200) and send them to ServerB only? We want to load balance all external to both serverA and serverB equally, but 200.200.200.200 to server B only, regardless. Can this be done by modifying the iRule below?

Thank you in advance!

F5 POOL Name: AppServer123

  • ServerA - 10.10.10.10
  • ServerB - 10.10.10.11

*** iRule used by persistence profile that will persist to a server in a pool based on client's source IP address ***

when HTTP_REQUEST {
    if {[HTTP::header X-Forwarded-For] != ""} then {
        persist uie [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0]
    } else {
        persist uie [IP::client_addr]
    }
}
  • oguzy

    Hi ant77,

    You can try the one below (please do not forget to change port_number to the listening port on your backend server):

    when HTTP_REQUEST { 
      set clientip [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0]
      if {[HTTP::header X-Forwarded-For] != "" && $clientip equals "200.200.200.200" } then {
          persist uie $clientip
          node 10.10.10.11 port_number
      } else {
          persist uie [IP::client_addr]
          pool AppServer123
      }
    }

    https://clouddocs.f5.com/api/irules/node.html

    If you also need persistence based on XFF other than 200.200.200.200, you should modify the iRule.

  • The iRule below should cater to the requirement of requests coming without XFF, using persistence based on the original client IP. It would also use persistence based on XFF for addresses other than 200.200.200.200.

    when HTTP_REQUEST {
        # No XFF header: persist on the TCP client address
        if { not [HTTP::header exists "X-Forwarded-For"] } {
            persist uie [IP::client_addr]
            return
        } else {
            # First entry of the first XFF header
            set xff [lindex [split [lindex [HTTP::header values X-Forwarded-For] 0] ","] 0]
        }
        # Pin the single matched address to ServerB, persist everyone else on XFF
        if { ([HTTP::header exists "X-Forwarded-For"]) and ($xff equals "200.200.200.200") } {
            node 10.10.10.11 443
            return
        } else {
            persist uie $xff
        }
    }
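
Added example, not part of any post in this thread: X-Forwarded-For is a request header that any client can set, so both the persistence key and the ServerB routing decision are safer when the header is honoured only on connections that arrive from the CDN. The sketch assumes an address-type data group named `cdn_proxies` (hypothetical) holding the CDN's egress ranges, and that the CDN appends the address it saw as the last XFF entry, so it reads the last entry rather than the first; port 443 is taken from the reply above.

```tcl
when HTTP_REQUEST {
    # Default persistence key: the TCP peer address.
    set key [IP::client_addr]

    # Honour XFF only when the TCP peer is a known CDN proxy
    # (cdn_proxies is an assumed, hypothetical data group name).
    if { [class match [IP::client_addr] equals cdn_proxies] and [HTTP::header exists "X-Forwarded-For"] } {
        # Last entry of the last XFF header: the hop written by the CDN
        # (assumption about the CDN's behaviour, verify it for yours).
        set last_hdr [lindex [HTTP::header values "X-Forwarded-For"] end]
        set candidate [string trim [lindex [split $last_hdr ","] end]]

        # catch covers values IP::addr cannot parse as an address;
        # in that case the peer address stays the persistence key.
        if { ![catch { set pinned [IP::addr $candidate equals 200.200.200.200] }] } {
            set key $candidate
            if { $pinned } {
                # The single matched address always goes to ServerB.
                node 10.10.10.11 443
                return
            }
        }
    }

    # Everyone else is load balanced across the pool and persisted on the key.
    pool AppServer123
    persist uie $key
}
```

Requests that reach the virtual server without passing through the CDN fall back to the TCP peer address, so a header they supply has no effect on pool member selection.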