Forum Discussion
Ruggerfly1
Nimbostratus
NimbostratusIRULE to Set APM Session variable for X-Forwarded-For
Good Afternoon,
I have a Network that connects to a VIP and all addresses are NAT'd behind the same IP. They are using a X-Forwarded-For in the Header. I'd like to set an APM Session Variable "session.custom.xforwardedfor" and then use something in APM like an Empty Box and regexpr to match a few client IP's.
Suggestions?
thanks!
Stanislas_Piro2Cumulonimbus
You can get the XFF header in ACCESS_SESSION_STARTED event, and evaluate the value in the irule.
when ACCESS_SESSION_STARTED { set xforwardedfor [HTTP::header values {X-Forwarded-For}] ACCESS::session data set session.custom.xforwardedfor $xforwardedfor switch $xforwardedfor { "1.1.1.1" - "2.2.2.2" - "3.3.3.3" { ACCESS::session data set session.custom.xff_known_ip 1 } default { ACCESS::session data set session.custom.xff_known_ip 0 } } }Then check the value in the empty box
expr { [mcget {session.custom.xff_known_ip}] == 1 }
Ruggerfly1get close the irule saves, but no APM session variable written with this.
when HTTP_REQUEST { set xforwardedfor "[HTTP::header values {X-Forwarded-For}]" log local0. "$xforwardedfor" ACCESS::session data set session.custom.xforwardedfor $xforwardedfor }
- Ruggerfly1
this writes the variable:
when HTTP_REQUEST { set xforwardedfor "[HTTP::header values {X-Forwarded-For}]" log local0. "$xforwardedfor" } when ACCESS_SESSION_STARTED { ACCESS::session data set session.custom.xforwardedfor $xforwardedfor }
now phase 2
- Ruggerfly1
Finished - perhaps not optimised but working:
APM policy - Empty Box - used this: expr { [string tolower [mcget {session.custom.xforwardedfor}]] contains "1.1.1.1" || [string tolower [mcget {session.custom.xforwardedfor}]] contains "2.2.2.2" }