Extracting HTTP header - Client IP address

MPR
Nimbostratus

X-Forwarded-For has been set up to extract the client IP information from F5. Recently we integrated a cloud-based WAF into our environment, where they will be changing the client IP to their proxy IP address before forwarding it to our F5. Since then, F5 is only able to interpret the proxy IP address but not the original client's IP address.

Upon talking to the cloud WAF provider, I have been told they insert 2 IP headers while forwarding traffic to us, where one has all the IP information and the second one has the client IP address only.

1) X-Forwarded-For: 97.108.160.191, 198.143.60.6 (Proxy IP address), x.x.x.x (Proxy 2 IP address) and so on

2) Incap-Client-IP: 97.108.160.191

Whereas 97.108.160.191 is the original source IP address.

Can someone assist with how we can configure F5 to interpret the value in the header "Incap-Client-IP" or read the first IP address in the "X-Forwarded-For" header?

Thanks in advance.

Regards.

2 REPLIES

xuwen
Cirrus

when HTTP_REQUEST {
    # Prefer the WAF's dedicated client-IP header
    if { [HTTP::header exists "Incap-Client-IP"] } {
        set client_ip [HTTP::header "Incap-Client-IP"]
    # Otherwise take the first entry of X-Forwarded-For
    } elseif { [HTTP::header exists "X-Forwarded-For"] } {
        set client_ip [getfield [HTTP::header "X-Forwarded-For"] "," 1]
    }
    # Pass the result to the pool member in a new header
    if { [info exists client_ip] } {
        HTTP::header insert "Client_Real_IP" $client_ip
    }
}

MPR
Nimbostratus

@Xuwen: Many thanks for your reply! So I have consolidated your code along with logging the traffic, with minor changes. I have also replaced "HTTP::header insert "Client_Real_IP" $client_ip" with "HTTP::header replace "X-Forwarded-For" $client_ip", as that will be inserting another IP header which I am thinking will not serve the purpose, because the application guys are looking only for what is in the X-Forwarded-For header. What do you think about this?

when HTTP_REQUEST {
    # Prefer the WAF's dedicated client-IP header and log its value
    if { [HTTP::header exists "Incap-Client-IP"] } {
        set client_ip [HTTP::header "Incap-Client-IP"]
        log local0. [HTTP::header "Incap-Client-IP"]
    # Otherwise take the first entry of X-Forwarded-For and log it
    } elseif { [HTTP::header exists "X-Forwarded-For"] } {
        set client_ip [getfield [HTTP::header "X-Forwarded-For"] "," 1]
        log local0. [getfield [HTTP::header "X-Forwarded-For"] "," 1]
    }
    # Overwrite X-Forwarded-For with the extracted address
    if { [info exists client_ip] } {
        HTTP::header replace "X-Forwarded-For" $client_ip
    }
}
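
Both iRules above accept "Incap-Client-IP" and "X-Forwarded-For" from any sender, so a request that reaches the F5 without passing through the cloud WAF can supply its own client IP. The following is an added example, not code from either poster, that honours the headers only when the connecting peer is a WAF proxy; the data group name waf_proxy_nets and the IPv4-only shape check are assumptions.

```tcl
# Added example (hypothetical hardening of the iRules in this thread).
# Assumption: "waf_proxy_nets" is an address-type data group you create
# and maintain with the cloud WAF's published proxy ranges.
when HTTP_REQUEST {
    # Address of the directly connected peer; a request header cannot set it.
    set peer [IP::client_addr]
    set client_ip $peer

    if { [class match $peer equals waf_proxy_nets] } {
        # Peer is a WAF proxy, so the headers it sets can be trusted.
        if { [HTTP::header exists "Incap-Client-IP"] } {
            set candidate [string trim [HTTP::header value "Incap-Client-IP"]]
        } elseif { [HTTP::header exists "X-Forwarded-For"] } {
            # Leftmost entry; if the WAF appends rather than overwrites,
            # this entry can be whatever the client originally sent.
            set candidate [string trim [getfield [HTTP::header value "X-Forwarded-For"] "," 1]]
        }
        if { [info exists candidate] } {
            # Shape check for a dotted-quad value (assumption: IPv4 clients,
            # as in the post). Anything else falls back to the peer address.
            if { [regexp {^(\d{1,3}\.){3}\d{1,3}$} $candidate] } {
                set client_ip $candidate
            } else {
                # The raw header value is not logged, to keep log lines clean.
                log local0.warning "Malformed client IP header from $peer"
            }
        }
    }
    # Peers outside the data group keep client_ip = peer: their headers are
    # sender-controlled and are discarded below.

    # "HTTP::header replace" rewrites only the last occurrence of a header,
    # so remove every inbound copy and insert one trusted value instead.
    HTTP::header remove "Incap-Client-IP"
    HTTP::header remove "X-Forwarded-For"
    HTTP::header insert "X-Forwarded-For" $client_ip
}
```

Restricting the virtual server to the WAF's source ranges at the network layer achieves the same trust boundary; the data group check covers the case where direct access must stay open.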