Forum Discussion

MPR
Sep 20, 2021

Extracting HTTP header - Client IP address

X-Forwarded-For has been set up to extract the client IP information from F5. Recently we integrated a cloud-based WAF into our environment, which changes the client IP to its proxy IP address before forwarding traffic to our F5. Since then, F5 is only able to interpret the proxy IP address but not the original client's IP address.

 

Upon talking to the cloud WAF provider, I have been told they insert 2 IP headers while forwarding traffic to us, where one has all the IP information and the second one has the client IP address only.

 

1) X-Forwarded-For: 97.108.160.191, 198.143.60.6 (Proxy IP address), x.x.x.x (Proxy 2 IP address) and so on

 

2) Incap-Client-IP: 97.108.160.191

 

Whereas 97.108.160.191 is the original source IP address.

 

Can someone assist with how we can configure F5 to interpret the value in the header "Incap-Client-IP" or read the first IP address in the "X-Forwarded-For" header?

 

Thanks in advance.

 

Regards.

2 Replies

  • xuwen

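    when HTTP_REQUEST {
        # Prefer the WAF's dedicated client-IP header
        if { [HTTP::header exists "Incap-Client-IP"] } {
            set client_ip [HTTP::header "Incap-Client-IP"]
        } elseif { [HTTP::header exists "X-Forwarded-For"] } {
            # Otherwise take the first (left-most) entry of X-Forwarded-For
            set client_ip [getfield [HTTP::header "X-Forwarded-For"] "," 1]
        }
        # Pass the extracted address on in a separate header
        if { [info exists client_ip] } {
            HTTP::header insert "Client_Real_IP" $client_ip
        }
    }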

     

  • MPR

    @Xuwen: Many thanks for your reply! I have consolidated your code, along with logging the traffic, with minor changes. I have also replaced the "HTTP::header insert "Client_Real_IP" $client_ip" with "HTTP::header replace "X-Forwarded-For" $client_ip", as the former would insert another IP header, which I am thinking will not serve the purpose, because the application guys are looking only for what is in the X-Forwarded-For header. What do you think about this?

     

    when HTTP_REQUEST {
        if { [HTTP::header exists "Incap-Client-IP"] } {
            set client_ip [HTTP::header "Incap-Client-IP"]
            # Log the address taken from the WAF's dedicated header
            log local0. [HTTP::header "Incap-Client-IP"]
        } elseif { [HTTP::header exists "X-Forwarded-For"] } {
            set client_ip [getfield [HTTP::header "X-Forwarded-For"] "," 1]
            # Log the first (left-most) X-Forwarded-For entry
            log local0. [getfield [HTTP::header "X-Forwarded-For"] "," 1]
        }
        # Overwrite X-Forwarded-For so the application sees only the client IP
        if { [info exists client_ip] } {
            HTTP::header replace "X-Forwarded-For" $client_ip
        }
    }
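
An added example, not part of either post above: both iRules accept "Incap-Client-IP" or the first "X-Forwarded-For" entry from any sender, and a request that reaches the F5 without passing through the WAF can carry whatever values its sender chose for those headers. This variant trusts them only when the TCP peer is one of the WAF's proxies; `waf_proxy_nets` is a hypothetical address-type data group assumed to hold the provider's published proxy ranges.

```tcl
when HTTP_REQUEST {
    # Address of the host that actually opened the connection to the F5.
    set peer [IP::client_addr]

    # Default: the peer itself is the client (direct, non-WAF traffic).
    set client_ip $peer

    # Assumption: "waf_proxy_nets" is a hypothetical address-type data group
    # containing the cloud WAF's proxy ranges. Create it before attaching
    # this iRule to a virtual server.
    if { [class match $peer equals waf_proxy_nets] } {
        # The request came through the WAF, so its headers are trustworthy.
        if { [HTTP::header exists "Incap-Client-IP"] } {
            set candidate [string trim [HTTP::header "Incap-Client-IP"]]
        } elseif { [HTTP::header exists "X-Forwarded-For"] } {
            # First (left-most) entry, as in the replies above.
            set candidate [string trim [getfield [HTTP::header "X-Forwarded-For"] "," 1]]
        }
        # Use the header value only if one was present and non-empty.
        if { [info exists candidate] && $candidate ne "" } {
            set client_ip $candidate
        }
    } else {
        # Headers from an unlisted peer are ignored; record that it happened.
        log local0. "Client-IP headers ignored, peer $peer is not a listed WAF proxy"
    }

    # Remove every existing X-Forwarded-For header, then insert a single one,
    # so the application never sees a value supplied by an untrusted sender.
    HTTP::header remove "X-Forwarded-For"
    HTTP::header insert "X-Forwarded-For" $client_ip
}
```

Restricting the virtual server so that only the WAF's ranges can connect achieves the same goal at the network layer and can be combined with this check.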