Forum Discussion
henry_kay_36032
Apr 03, 2018 - Nimbostratus
SNAT based on XFF to internet
Hi All,
My company is trying to get LTM to work with IronPort proxy. The proxy gateway is pointed to F5 and we have configured a performance L4 virtual server to allow the traffic to pass through.
...
Apr 03, 2018
Try something like this:
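when HTTP_REQUEST {
    # Only walk the header when at least one X-Forwarded-For value is present
    if { [HTTP::header values "X-Forwarded-For"] ne "" } {
        # Strip spaces, then test each comma-separated element in order
        foreach xff [split [string map [list " " ""] [HTTP::header "X-Forwarded-For"]] ","] {
            log local0. "Current XFF element: $xff"
            # First data group hit selects the SNAT pool and ends the event
            if { [class match $xff eq abc-address2] } {
                log local0. "$xff hit ABC"
                snatpool SNAT_POOL_1.1.1.1
                return
            }
            if { [class match $xff eq def-address] } {
                log local0. "$xff hit DEF"
                snatpool SNAT_POOL_2.2.2.2
                return
            }
        }
    } else {
        # "else" must follow the closing brace on the same line in Tcl
        log local0. "No X-Forwarded-For header found."
    }
    # Reached only when no XFF element matched: drop unless the client is the proxy
    if { !([class match [IP::client_addr] equals proxy-address]) } {
        log local0. "Not matching any ip. traffic dropped"
        drop
    }
}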
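Added example, not part of the original post: in the rule above, `return` ends the event on an XFF match before the `proxy-address` check runs, so the SNAT pool is chosen from a header any client can set. This variant checks the sender first and trusts only the last XFF element. It reuses the post's data group and SNAT pool names and assumes the virtual server has an HTTP profile (HTTP_REQUEST does not fire without one) and that the proxy appends the client address as the final XFF element.

```tcl
# Added example, not from the thread. Check order, last-element rule and
# fail-closed handling are assumptions layered on the posted rule.
when HTTP_REQUEST {
    # 1. Authenticate the sender: X-Forwarded-For is only meaningful when
    #    the TCP peer is the proxy that is expected to set it.
    if { ![class match [IP::client_addr] equals proxy-address] } {
        log local0. "Rejecting [IP::client_addr]: not in proxy-address"
        drop
        return
    }

    # 2. Merge every X-Forwarded-For header line into one element list.
    set elements [split [join [HTTP::header values "X-Forwarded-For"] ","] ","]

    # 3. Keep only the last element (assumed to be appended by the proxy);
    #    anything to its left came from the client and is untrusted.
    set xff [string trim [lindex $elements end]]
    if { $xff eq "" } {
        # As in the posted rule, proxy traffic without XFF keeps the
        # virtual server's default SNAT behaviour.
        log local0. "No X-Forwarded-For from proxy [IP::client_addr]"
        return
    }

    # 4. A malformed value may raise a Tcl error during the address
    #    lookup; catch it so the result is an explicit, logged drop.
    if { [catch {
        if { [class match $xff equals abc-address2] } {
            snatpool SNAT_POOL_1.1.1.1
        } elseif { [class match $xff equals def-address] } {
            snatpool SNAT_POOL_2.2.2.2
        } else {
            log local0. "XFF $xff matched no data group; default SNAT used"
        }
    } err] } {
        log local0. "Invalid XFF from [IP::client_addr]: $err"
        drop
    }
}
```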