Persist profile using XFF to read client IP address

ant77
Cirrus

Hi All,

Based on what we are using below, traffic to our website goes through a CDN that changes the "real" client's IP address to their proxy IP, so we can't use source-client IP persistence on the F5. What we are doing below is using an iRule to read the XFF header, and based on the XFF header, we load balance to both server A/B based on the unique client IP.

So the question here is: is there a way I can also match a single IP address from the XFF (example 200.200.200.200) and send them to ServerB only? We want to load balance all external traffic to both ServerA and ServerB equally, but 200.200.200.200 to ServerB only regardless. Can this be done by modifying the iRule below?

Thank you in advance!

F5 POOL Name: AppServer123

  • ServerA - 10.10.10.10
  • ServerB - 10.10.10.11

*** iRule used by persistence profile that will persist to a server in a pool based on client's source IP address ***

when HTTP_REQUEST {
    if {[HTTP::header X-Forwarded-For] != ""} then {
        persist uie [lindex [split [lindex [HTTP::header values X-Forwarded-For] 0] ","] 0]
    } else {
        persist uie [IP::client_addr]
    }
}
2 REPLIES

oguzy
Cirrostratus

Hi ant77,

You can try the one below (please do not forget to change port_number to the listening port on your backend server):

when HTTP_REQUEST {
    # First entry of the first X-Forwarded-For header (empty if the header is absent)
    set clientip [lindex [split [lindex [HTTP::header values X-Forwarded-For] 0] ","] 0]
    if {[HTTP::header X-Forwarded-For] != "" && $clientip equals "200.200.200.200"} then {
        persist uie $clientip
        node 10.10.10.11 port_number
    } else {
        persist uie [IP::client_addr]
        pool AppServer123
    }
}

https://clouddocs.f5.com/api/irules/node.html

If you also need persistence based on XFF for addresses other than 200.200.200.200, you should modify the iRule.

SanjayP
MVP

The iRule below should cater to the requirement of requests coming without XFF, using persistence based on the original client IP. It would also use persistence based on XFF for addresses other than 200.200.200.200.

when HTTP_REQUEST {
    if {not [HTTP::header exists "X-Forwarded-For"]} {
        # No XFF header: persist on the original client IP
        persist uie [IP::client_addr]
        return
    } else {
        set xff [lindex [split [lindex [HTTP::header values X-Forwarded-For] 0] ","] 0]
    }
    if {([HTTP::header exists "X-Forwarded-For"]) and ($xff equals "200.200.200.200")} {
        node 10.10.10.11 443
        return
    } else {
        persist uie $xff
    }
}
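
An added example, not part of any post in this thread: a variant of the iRules above that keys on the rightmost X-Forwarded-For entry instead of the leftmost, since the leftmost entry can be supplied by the client and here it decides which server receives the request. It assumes the CDN is the only proxy in front of the BIG-IP and writes the address it observed as the last X-Forwarded-For entry; port 443 is taken from the reply above.

```tcl
# Added example, not from the thread.
# Assumption: the CDN connects directly to this virtual server and writes the
# address it observed as the LAST X-Forwarded-For entry.
when HTTP_REQUEST {
    # Flatten every X-Forwarded-For header instance into one ordered hop list.
    # A request may carry several instances, and any entry that was already
    # present when the request reached the CDN sits before the CDN's own entry.
    set hops [list]
    foreach value [HTTP::header values "X-Forwarded-For"] {
        foreach hop [split $value ","] {
            set hop [string trim $hop]
            if { $hop ne "" } {
                lappend hops $hop
            }
        }
    }

    if { [llength $hops] == 0 } {
        # No usable XFF entry: fall back to the TCP peer address.
        persist uie [IP::client_addr]
        return
    }

    # Rightmost entry: the one written by the proxy directly in front of us.
    set clientip [lindex $hops end]

    if { $clientip equals "200.200.200.200" } {
        # Pin this one address to ServerB (10.10.10.11), as asked in the thread.
        node 10.10.10.11 443
        return
    }

    # Everyone else: universal persistence keyed on the CDN-observed address.
    persist uie $clientip
}
```

If the CDN overwrites X-Forwarded-For rather than appending to it, the header has a single entry and this selects the same value as the original iRules.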