You'd need to parse out the IP's from the XFF header value. Can you configure whatever device is inserting the XFF to use a more unique header name? If not, you could use something like this to parse comma separated IPs:
when HTTP_REQUEST {
Select the prodpool by default
pool prodpool
Check if XFF header has a value
if {[HTTP::header "X-Forwarded-For"] ne ""}{
Some proxies append their XFF value to any existing XFF header.
Check if XFF header value contains a comma
if {[HTTP::header "X-Forwarded-For"] contains ","}{
Remove any spaces in the string, and then split it into a list on commas
set xff [split [string map {" " ""} [HTTP::header value "X-Forwarded-For"]] ","]
Get the last comma separated value from the XFF header
set xff [lindex $xff [expr {[llength $xff]} - 1]]
} else {
set xff [HTTP::header "X-Forwarded-For"]
}
Check if XFF value is in the class
if {[matchclass $xff equals $::pre_test_address_list]} {
pool dummypool
}
}
}
Note, I'm assuming you only want to check the last IP in the XFF header value. You could also loop through each IP and check it against the class. But then you'd be checking more than your proxy's XFF value.
Aaron