Forum Discussion
ant77
Mar 31, 2022Cirrostratus
XFF matching in data group not working for redirect
Hello everyone, Can you help figure out what the issue is here. I have an iRule that uses the IP address or subnet as matching and determining if the connecting users are "internal/trusted" or ex...
oscarnet
Altocumulus
HI ant77
I modified your irule slightly,
Adjust the comparison string to case-insensitive comparison,
Basically, the function you want can be achieved at present
when HTTP_REQUEST {
if {[HTTP::has_responded] } {return}
set CHECK_IP [lindex [lsearch -all -inline -not -exact [split [HTTP::header values X-Forwarded-For] "\{\} ,"] {}] 0]
#log local0. "IP Address: $CHECK_IP"
if { ([class match -- $CHECK_IP eq INTERNAL-USERS-XFF]) } {
#log local0. "match IP Address: $CHECK_IP"
if { ([string tolower [HTTP::uri]] contains "/public/idsearch" ) } {
HTTP::redirect "https://[HTTP::host]/private/IDSearch"
log local0. "IP Address: $CHECK_IP Matching INTERNAL-USERS-XFF => Redirecting to /private/IDSearch"
return
} else {
HTTP::redirect "https://[HTTP::host]/Apublic/IDSearch"
#log local0. "Not match IP Address: $CHECK_IP"
}
}
}
I hope I can help you
have a good day !!!
ant77
Mar 31, 2022Cirrostratus
Hi oscarnet,
Let me change that and see if that will fix the issue. I have a feeling it has something to do with the URI matching, and if case sensitivity has something to do with it...Is there any thispecific logs to look for to see if this does not work or if the issue is a matching URI issue?
Thank you!
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects