henry_kay_36032
Apr 03, 2018 Nimbostratus
SNAT based on XFF to internet
Hi All,
My company is trying to get LTM to work with an IronPort proxy. The proxy gateway is pointed to the F5 and we have configured a performance L4 virtual server to allow the traffic to pass through. So far, from what we observed from our iRules, the XFF header is not matched properly and it is intermittently having issues.
when HTTP_REQUEST {
    set XFF [HTTP::header X-Forwarded-For]
    log local0. $XFF
    if { [catch {class match [HTTP::header "X-Forwarded-For"] equals abc-address}] } {
        log local0. "$XFF hit ABC"
        snatpool SNAT_POOL_1.1.1.1
    } elseif { [catch {class match [HTTP::header "X-Forwarded-For"] equals def-address}] } {
        log local0. "$XFF hit DEF"
        snatpool SNAT_POOL_2.2.2.2
    } elseif {[class match [IP::client_addr] equals proxy-address]} {
        log local0. "not nat. proxy going to internet"
    } else {
        log local0. "Not matching any ip. traffic dropped"
        drop
    }
}
Would anyone be able to help advise if it is the rule that is having the issue?
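An added example, not part of the original post and not F5's own code: one way to write the same selection so that the result of `class match` (1 or 0) decides the branch, while `catch` only guards against an unusable header value. It assumes the virtual server has an HTTP profile so that HTTP_REQUEST fires, that all legitimate traffic arrives from members of `proxy-address`, and that the first X-Forwarded-For entry is the address to match; the data group and SNAT pool names are the ones from the post.

```tcl
when HTTP_REQUEST {
    # X-Forwarded-For is set by the sender, so only honour it when the
    # connection itself comes from the proxy (assumption: every legitimate
    # client of this virtual server is listed in proxy-address).
    if { ![class match [IP::client_addr] equals proxy-address] } {
        log local0. "[IP::client_addr] is not the proxy. traffic dropped"
        drop
        return
    }

    # The header may be absent or hold a comma-separated chain
    # ("client, proxy1, proxy2"). Assumption: the first entry is the
    # address to match. Take it and trim surrounding spaces.
    set xff [string trim [getfield [HTTP::header value "X-Forwarded-For"] "," 1]]

    # class match returns 1/0; catch returns 1 only when the command
    # raises an error (for example a malformed address). Keep them apart.
    set pool ""
    if { $xff ne "" } {
        if { [catch {
            if { [class match $xff equals abc-address] } {
                set pool SNAT_POOL_1.1.1.1
            } elseif { [class match $xff equals def-address] } {
                set pool SNAT_POOL_2.2.2.2
            }
        } err] } {
            log local0. "unusable X-Forwarded-For '$xff': $err"
        }
    }

    if { $pool ne "" } {
        log local0. "$xff -> $pool"
        snatpool $pool
    } else {
        log local0. "no data group match for '$xff'. proxy going to internet without SNAT"
    }
}
```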