Forum Discussion
NimbostratusReplace X-Forwarded-For value with client IP
I am trying to remove an existing X-Forwarded-For field in an HTTP header with my actual client IP address via an iRule. Currently, I have a VS configured with a HTTP profile and code in the iRule that is supposed to remove existing XFF entries and replace it with a XFF entry containing my actual client IP address however whenever I use a chrome extension to spoof a made up IP value and put it in the XFF field, the iRule is not stripping the value and replacing it. The code I am trying to use is this:
when HTTP_REQUEST { HTTP::header remove X-Forwarded-For
HTTP::header insert X-Forwarded-For [IP::remote_addr] }
however I have been working on this a few days now and have used probably 10 different variations of the similar code found across different dev central articles, none of which seem to touch the XFF field. I'm not sure anything on the F5 is actually touching the XFF field and the spoofing tool I'm using is the only thing able to actually insert into the header. I really just want something that can remove any current XFF fields and insert the actual client IP into the XFF field.
Any help would be greatly appreciated. Support hasn't been able to help with me on this.
Jad_Tabbara__J1Cirrostratus
Hello,
Have you tried to use the replace instead of remove/insert
HTTP::header replace X-Forwarded-For [IP::remote_addr]
https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx
mbkosiba_310067I ended up using a policy to get this working.
Match on following conditions: All traffic
Do the following when the traffic is matched:
Replace http header named X-Forwarded-For with value tcl:[IP::client_addr] at request time