Forum Discussion

Ruggerfly1
May 03, 2018

iRule to Set APM Session Variable for X-Forwarded-For

Good Afternoon,

 

I have a network that connects to a VIP and all addresses are NAT'd behind the same IP. They are using an X-Forwarded-For in the header. I'd like to set an APM session variable "session.custom.xforwardedfor" and then use something in APM like an Empty Box and regexp to match a few client IPs.

 

Suggestions?

 

Thanks!

 

4 Replies

  • You can get the XFF header in the ACCESS_SESSION_STARTED event, and evaluate the value in the iRule.

    when ACCESS_SESSION_STARTED {
        set xforwardedfor [HTTP::header values {X-Forwarded-For}]
        ACCESS::session data set session.custom.xforwardedfor $xforwardedfor
        switch $xforwardedfor {
            "1.1.1.1" -
            "2.2.2.2" -
            "3.3.3.3" {
                ACCESS::session data set session.custom.xff_known_ip 1
            }
            default {
                ACCESS::session data set session.custom.xff_known_ip 0
            }
        }
    }
    

    Then check the value in the empty box

    expr { [mcget {session.custom.xff_known_ip}] == 1 }
    
  • Getting close: the iRule saves, but no APM session variable is written with this.

     

    when HTTP_REQUEST {
        set xforwardedfor "[HTTP::header values {X-Forwarded-For}]"
        log local0. "$xforwardedfor"
        ACCESS::session data set session.custom.xforwardedfor $xforwardedfor
    }

     

  • This writes the variable:

     

    when HTTP_REQUEST {
        set xforwardedfor "[HTTP::header values {X-Forwarded-For}]"
        log local0. "$xforwardedfor"
    }
    when ACCESS_SESSION_STARTED {
        ACCESS::session data set session.custom.xforwardedfor $xforwardedfor
    }

     

    Now phase 2.

     

  • Finished - perhaps not optimised but working:

     

    APM policy - Empty Box - used this:

    expr { [string tolower [mcget {session.custom.xforwardedfor}]] contains "1.1.1.1" || [string tolower [mcget {session.custom.xforwardedfor}]] contains "2.2.2.2" }
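
An added example, not part of the original thread: an iRule that splits X-Forwarded-For into individual addresses and compares one of them exactly, because a substring test such as `contains "1.1.1.1"` also matches a value like `11.1.1.10`. It assumes the NAT device or proxy in front of the VIP appends the client address as the last entry of the header; the allowlist uses the thread's placeholder addresses.

```tcl
# Added example, not the thread's code.
# Assumption: the upstream NAT/proxy appends the real client address as the
# LAST X-Forwarded-For entry. Change the index if your topology differs.
when HTTP_REQUEST {
    # The header can appear more than once, and each instance can hold a
    # comma-separated chain ("client, proxy1, proxy2"). Flatten both levels.
    set xff_entries [list]
    foreach hdr [HTTP::header values "X-Forwarded-For"] {
        foreach entry [split $hdr ","] {
            set entry [string trim $entry]
            if { $entry ne "" } {
                lappend xff_entries $entry
            }
        }
    }
}

when ACCESS_SESSION_STARTED {
    # Placeholder allowlist taken from the thread's examples.
    set xff_allowed [list "1.1.1.1" "2.2.2.2" "3.3.3.3"]

    set xff_client ""
    set xff_known_ip 0

    if { [info exists xff_entries] && [llength $xff_entries] > 0 } {
        # Use only the entry written by the trusted upstream device.
        set xff_client [lindex $xff_entries end]

        # Exact, whole-value comparison: "11.1.1.10" does not match "1.1.1.1".
        if { [lsearch -exact $xff_allowed $xff_client] >= 0 } {
            set xff_known_ip 1
        }
    }

    # A missing or empty header leaves xff_known_ip at 0 (fail closed).
    ACCESS::session data set session.custom.xforwardedfor $xff_client
    ACCESS::session data set session.custom.xff_known_ip $xff_known_ip
    log local0. "XFF client=$xff_client known=$xff_known_ip"
}
```

The Empty Box branch rule can then stay as in the first reply, `expr { [mcget {session.custom.xff_known_ip}] == 1 }`, so the policy never evaluates the raw header string.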