Forum Discussion
noc_304434
Nimbostratus
NimbostratusX-Forwarded-For - IRule
Hello, Im trying to implement a IRule to work with X-Forwarded-For HTTP headers, but it doesnt seems to be working correctly.
My IRule is the following:
if { [HTTP::header exists "X-Forwarded-For"] } { log local0. "X-Forward-IP: [HTTP::header values "X-Forwarded-For"] , Original X-Forward, Client IP: [IP::client_addr] "
set test [getfield [lindex [HTTP::header values X-Forwarded-For] 0] "," 1]
log local0. "X-Forward-IP only the first: $test"
it replaces in header e let only the first IP
HTTP::header replace "X-Forwarded-For" $test
persist uie [HTTP::header X-Forwarded-For] 600
} else {
HTTP::header insert "X-Forwarded-For" [IP::client_addr]
persist uie [HTTP::header X-Forwarded-For] 600
log local0. "X-Forward-IP: [HTTP::header values "X-Forwarded-For"] , Replaced by the client IP"
}
Logs collected in BIGIP shows:
: X-Forward-IP: 199.53.38.39 , Original X-Forward, Client IP: 192.168.121.150 Dec 16 09:42:55 cshgltm01 info tmm[14265]: Rule /Producao/irule_PROD_site_wwwroot : X-Forward-IP only the first: 199.53.38.39
But logs on Server shows: X-Forwarded-For: 192.168.121.150
I didnot get why it is occurring.
Vijay_ECirrus
I think the VS has an HTTP profile or iRule that is inserting the XFF header with the original client IP.
KrzysiekPlease check HTTP profile if xforwarded is disabled on it.
noc_304434Hello dears, thanks for the comments. The Xforwarded for is disabled. I will check if another IRule is inserting the XFF header with the original client IP. If you have another suggestion, i will appreciate. Regards.
Hannes_RappSeems like a bit odd way to go about solving a problem
May I ask, why do you prefer to persist connections off of the X-Forwarded-For Header? What's the point of doing that?
The whole purpose of X-Forwarded-For header is to provide visibility in a poorly designed network. It serves a purpose of providing client-IP visibility where it's otherwise not possible to extract this information from L4 headers due to source-address translation(s).