How to Create IRule to divert traffic between Pools based on XFF Header

Raunak_Tiwari · ‎06-Aug-2020

Hello Everyone,

I am facing issue with my Irule, Natted Traffic is coming from Imperva WAF and i have take value Value of XFF Header to redirect traffic to specific pool.

I am receiving HTTPs traffic and i have also enabled SSL Interception on F5 LTM.

IRule that i am using.

when HTTP_REQUEST {

if { [HTTP::header "X-FORWARDED-FOR"] equals "<DataGroupName>" } {

pool Federation-ACC-444

} else {

pool Federation-ACC-443

}

Could you help me how i can proceed further, because above IRule is not working.

Enes_Afsin_Al · ‎07-Aug-2020

Hi Raunak Tiwari,

You should use "class match" for datagroup compare

when HTTP_REQUEST {
	if { [class match [HTTP::header "X-FORWARDED-FOR"] equals <DataGroupName>] } {
		pool Federation-ACC-444
	}
	else {
		pool Federation-ACC-443
	}
}

https://clouddocs.f5.com/api/irules/class.html

View solution in original post

Enes_Afsin_Al · ‎07-Aug-2020

Hi Raunak Tiwari,

You should use "class match" for datagroup compare

when HTTP_REQUEST {
	if { [class match [HTTP::header "X-FORWARDED-FOR"] equals <DataGroupName>] } {
		pool Federation-ACC-444
	}
	else {
		pool Federation-ACC-443
	}
}

https://clouddocs.f5.com/api/irules/class.html

Raunak_Tiwari · ‎14-Aug-2020

Dear Eaa,

Thanks For your help,

Small change i have done in IRule.

I have used Incap-Client-IP at place of XFF Header.

Imperva supports both headers but in my situation it was using Incap-Client-IP

https://support.incapsula.com/hc/en-us/articles/200627650-Detection-and-Location-of-Real-Source-Clie...

DevCentral

How to Create IRule to divert traffic between Pools based on XFF Header

MFA required on DevCentral