Forum Discussion

Nimbostratus

Nov 28, 2012

iRule - Source Address and "X-Forwarded For"

Currently we are using the below iRule which is chekcing the "X-Forwarded-For" in HTTP header and 10.0.0.0/16 source address === when HTTP_REQUEST { if {([HTTP::header exists "X-F...

Employee

Nov 29, 2012

just another example.

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   set xff [HTTP::header values "X-Forwarded-For"]
   switch "[HTTP::host][HTTP::uri]" {
      "www.test.com/wf" {
         if { [IP::addr $xff equals 10.3.0.0/16] } {
            HTTP::redirect "http://www.test.com/WF?sr=new"
         }
      }
      "www.test.com/wf/hp.me" {
         if { [IP::addr $xff equals 10.0.0.0/16] } {
            HTTP::redirect "http://www.test.com/WF/H.me"
         }
      }
   }
}
}

[root@ve10:Active] config  curl -I http://www.test.com/wf/hp.me -H "X-Forwarded-For: 10.0.0.1"
HTTP/1.0 302 Found
Location: http://www.test.com/WF/H.me
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve10:Active] config  curl -I http://www.test.com/wf -H "X-Forwarded-For: 10.3.0.1"
HTTP/1.0 302 Found
Location: http://www.test.com/WF?sr=new
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve10:Active] config  curl -I http://www.test.com/
HTTP/1.1 200 OK
Date: Thu, 29 Nov 2012 12:41:32 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
ETag: "4183f3-59-f28f94c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)