04-Apr-2022 23:40
I just deployed this irule:
when HTTP_REQUEST {
if { [HTTP::header exists "X-Forwarded-For"] } {
set client_ip [HTTP::header value "X-Forwarded-For"]
set fromCountry [whereis $client_ip country]
if { ( [class match $fromCountry equals Blocked_Countries]) }{
drop
}
}
}
And I'm getting this error in /var/log/ltm:
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 2) invoked from within "whereis $client_ip country"
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 3) invoked from within "whereis $client_ip country"
I saw this article but not sure enough how to implement it in my irule
https://support.f5.com/csp/article/K15450552
Could you please advise on this?
Thanks
05-Apr-2022 07:06 - edited 06-Apr-2022 04:25
Here X-Forwarded-For Value is coming in String and you are changing to IP:Addr that the reason getting error.
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 2) invoked from within "whereis $client_ip country"
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 3) invoked from within "whereis $client_ip country"
Below iRule has not tested but try it
when HTTP_REQUEST {
if { [HTTP::header exists "X-Forwarded-For"] } {
set client_ip [HTTP::header insert X-Forwarded-For]
log local0. "$client_ip"
set fromCountry [whereis $client_ip country]
if { ( [class match $fromCountry equals Blocked_Countries]) }{
drop
}
}
}
05-Apr-2022 10:55 - edited 05-Apr-2022 21:17
Hi Samir
The irule I used is mentioned here, and I just copied it
https://support.f5.com/csp/article/K43383890
it is working fine, but only sometimes it is droping this error.
I will try your solution and update you
Update#2 : I tried your irule, it is droping the error I mentioned all the time. So it did not solve the issue.
Update#3 : I also tried the ASKF5 team recommendation:
set fromCountry [whereis [IP::addr $client_ip mask "255.255.255.255"] country]
But it did not work out. error still showup sometimes in CLI
TCL error: /parition/irule_XFF <HTTP_REQUEST> - bad IP address format (line 1) invoked from within "IP::addr $client_ip mask "255.255.255.255""
I will try to contact F5 support to check if they can help with this.
06-Apr-2022 01:50
Hi Abed_AL-R,
I hope this result test will help you, So i think this case require 2 step
1. We have to update geo-database from F5, Please refer link below
https://cloud-ttrust.com/f5-how-to-install-and-update-ip-geolocation-database/
2. Please follow step on link below for case iRules checl x-forward-for and query geo-database for check blacklist country
https://cloud-ttrust.com/f5-irules-check-http-x-forward-for-and-country/
Thanks you
06-Apr-2022 02:41
This is basically the same irule I was using
And our GeoLocation database is up to date. I updated it last week.