For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

parvez_70211's avatar
parvez_70211
Icon for Nimbostratus rankNimbostratus
Apr 10, 2017

Using X-Forwarded-for to block Clients based on URI information

I have task to block client IP's based on URI information but the catch here is that the actual IP's are present on HTTP header (X-forwarded-For) which are all coming from Akamai. Eg: I have approx...
application delivery
iRules
rsacheen_310098's avatar
rsacheen_310098
Icon for Nimbostratus rankNimbostratus
Apr 10, 2017

How do you like to modify your iRule? The code snippet you have provided looks fine syntax wise, but it blocks access from IP's in your AllowList. How about something like this:-

 

when HTTP_REQUEST {
  if { [HTTP::uri] equals "/en_US/HHCM" && !([IP::addr [IP::client_addr] equals AllowList]) } {
      log output
     reject
  } else {
      Send traffic to your desired server pool
  }
}

Just an example. Correct me if I misunderstood your query.

 

Connection from client IP's [IP::client_addr] that are not in your data group(AllowList) gets blocked.

 

parvez_70211's avatar
parvez_70211
Icon for Nimbostratus rankNimbostratus
Apr 10, 2017

Connection from client IP's that are not in your data group(AllowList) gets blocked. - correct