Redirect based on IP within X_FORWARDED_FOR

Question

Hi, 
&nbsp; I am looking to find the way to redirect requests made to a virtual server to be redirected to a another Pool, based on the IP address within X_forwarded_for header.  
&nbsp;  
&nbsp;  
&nbsp; Thanks 
&nbsp;  
&nbsp; Emilio

the_bhattman · Answer

How about

when HTTP_REQUEST { 
   if { [HTTP::header "X-Forwarded-For"] == "192.168.5.100" }  {  
     pool uat_pool 
   } else {  
     pool main_pool  
   } 
 }

hope this helps 
 CB

emilio_104473 · Answer

That worked. I found another one which utilizes the data groups. 
&nbsp;  
&nbsp; when HTTP_REQUEST {  
&nbsp;    if { [HTTP::header exists "X-Forwarded-For"] } {  
&nbsp;      set xff [HTTP::header "X-Forwarded-For"]  
&nbsp;       xff may be in format of addr1,addr2,addr3  
&nbsp;      set addrs [split $xff ","]  
&nbsp;      foreach addr $addrs {  
&nbsp;        if { [matchclass $::banned_addr_list equals $addr] } {  
&nbsp;          reject  
&nbsp;        }  
&nbsp;      }  
&nbsp;    }  
&nbsp;  } 
&nbsp;  
&nbsp; Thank you, 
&nbsp; Emilio

hoolio · Answer

Hi Emilio, 
&nbsp;  
&nbsp; An XFF header value (or multiple XFF headers) can be inserted manually by a malicious client.  I don't think it would be very bulletproof to depend on this header value to prevent known bad client IP addresses from accessing the VIP.  It would be more ideal to filter at the device that sees the original client IP address as the source of the TCP packets. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Redirect based on IP within X_FORWARDED_FOR

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

(HTTP) Redirection via Arbitrary Host Header

Anchor Link Redirect

Rewriting Redirects

url redirect

BIG-IP Solutions: Simple URL Redirects

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS