Forum Discussion

Nishal_Rai
Sep 09, 2022

Bypassing specific IP address from the IP is a blacklisted violation

Hello,

I'm quite new to iRules and am currently trying to bypass a specific IP address from the IP is a blacklisted violation (the IP intelligence service is enabled and I want to bypass this specific violation).


I've enabled XFF on the HTTP profile, and there are certain IPs for which I need to bypass this violation.

<Attached is the report of the violation >


Since there is a list of specific IP address ranges that need to bypass this violation, I've created a data group list for it. However, I am a little skeptical about using the data group list (class) in the HTTP_REQUEST event, as I've enabled XFF and it is the IPs in the XFF header that are required to bypass that violation.


In the iRule section.

  • I need to first inspect the request and get the HTTP::header values "X-Forwarded-For" value in place of [IP::client_addr]
  • If possible, compare it with the data group list I created, which consists of the allowed IP addresses
  • If the IP address matches the data group list, then just bypass the IP violation.


I'm just trying to figure out whether something like the command below will perform the required task.

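when HTTP_REQUEST {
    # Use the X-Forwarded-For value in place of [IP::client_addr]
    # (taking the first entry of the first header is an assumption)
    set xff_ip [string trim [getfield [lindex [HTTP::header values "X-Forwarded-For"] 0] "," 1]]
    # No header present: fall back to the connection's source address
    if { $xff_ip eq "" } { set xff_ip [IP::client_addr] }
    set ip_reputation_categories [IP::reputation $xff_ip]
    if { [class match $xff_ip equals CLASS] } {
        # <--- Requesting IP is present in the data group list: bypass the IP violation --->
    } else {
        # <--- Implement the IP violation on it --->
    }
}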



Thanks,

Nitratic.
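
The matching steps listed in the post, modelled in Python as an added example (not part of the original post and not an iRule). It picks the address to compare from X-Forwarded-For by skipping only the hops added by trusted proxies, because everything else in that header is supplied by the client. The allow list, the trusted proxy range and the function names are assumptions.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the post.
ALLOWED = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.7/32")]
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _in(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in n for n in nets)


def effective_client_ip(peer, xff_headers, trusted=TRUSTED_PROXIES):
    """Return the address to evaluate, walking X-Forwarded-For right to left.

    Hops that belong to trusted proxies are skipped; the first untrusted
    hop is treated as the client. Entries to its left are client-supplied
    and are never considered.
    """
    current = ipaddress.ip_address(peer)
    if not _in(current, trusted):
        return current  # direct connection: ignore the header entirely
    hops = [h.strip() for v in xff_headers for h in v.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: make no bypass decision
        if not _in(current, trusted):
            return current
    return current  # every hop was a trusted proxy


def bypass_ip_violation(peer, xff_headers, allowed=ALLOWED):
    """True only when the derived client address is in the allow list."""
    ip = effective_client_ip(peer, xff_headers)
    return ip is not None and _in(ip, allowed)


if __name__ == "__main__":
    # Allow-listed client behind a trusted proxy.
    print(bypass_ip_violation("10.0.0.5", ["203.0.113.4"]))
    # Client-supplied allow-listed entry, real client appended by the proxy.
    print(bypass_ip_violation("10.0.0.5", ["203.0.113.4, 192.0.2.50"]))
```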