Irule to set a pool on the basis of value in X-forwarded-for

Question

Hi ,I am setting up something, in which the requirement is I need to decide a pool on the basis of ip listed in X-forwarded-for header in the http request.For this I configured 3 data group list named test_ipranges_1 , test_ipranges_2 &amp; test_ipranges_3. But when i am writing the irule, it is giving me error, can someone help me out with this. Below is the code that i have written:&nbsp;when HTTP_REQUEST {&nbsp;&nbsp;&nbsp;if { class match -value [HTTP::header "X-forwarded-for"] equals test_ipranges_1 } {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;pool pool1&nbsp;&nbsp;&nbsp;} elseif { class match -value [HTTP::header "X-forwarded-for"] equals test_ipranges_2 } {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;pool pool2&nbsp;&nbsp;&nbsp;} elseif { class match -value [HTTP::header "X-forwarded-for"] equals test_ipranges_3 } {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;pool pool3 &nbsp;&nbsp;&nbsp;} else {&nbsp;&nbsp;&nbsp;pool default&nbsp;&nbsp;&nbsp;}}

philippe_cloup · Answer

Hi Yogeshtaneja, i would probably change your code to something like this.&nbsp;when HTTP_REQUEST {
if { [HTTP::header values "X-Forwarded-For"] ne "" } {
         set clientip [getfield [HTTP::header X-Forwarded-For] "," 1]
         # set the variable ONLY if an X-FORWARDED-FOR header is there
   catch {
             # doing a catch to control any errors linked to the code 
             if { [class match $clientip equals test_ipranges_1] } {
                 pool pool1
               } elseif { [class match $clientip equals test_ipranges_2] } {
                 pool pool2
                } elseif { [class match $clientip equals test_ipranges_3] } {
                 pool pool3
               } else {
                 pool default
               }
            }
       }
                 pool default
             # in case the X-Fowarded-For was not properly set
             # or the catch provided an error
}To be honest, i would have done this slightly differently, by putting in the datagroup, multiple entries of IPs (so in a way, merging your 3 datagroups into 1 here), and adding in the value, the pool you target. So in that case, you do a single check, and if it exists, you retrieve the destination pool in a variable and use pool $variable as the selected pool

Forum Discussion

Irule to set a pool on the basis of value in X-forwarded-for

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Performance L4 VS - HTTPS [X-forwarded-for]

X-Forwarded-For Log Filter for Windows Servers

X Forwarded For Single Header Insert