09-Mar-2021
13:08
- last edited on
21-Nov-2022
16:19
by
JimmyPackets
Hello everyone and F5,
please help....I am stuck and don’t know what to do or if F5 can support this...
Does anyone know how to persist an IPV6 address in an X-forwarded-for header, or add it to the current code below? We are currently calling
this i-Rule with universal persistence profile, however it seems to only work if the user's client IP is in IPV4 format. If they get an IPV6 address from
their ISP provider, the persistency does not work even though our CDN address their IPV6 in the XFF header field.
Any help is much appreciated!
when HTTP_REQUEST {
if {[HTTP::header X-Forwarded-For] != ""} then {
persist uie [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0]
} else {
persist uie [IP::client_addr]
}
}
10-Mar-2021
12:47
- last edited on
04-Jun-2023
21:01
by
JimmyPackets
Do you have a persistence profile on the virtual? Might be best to have a default of source_addr persistence as a profile on the virtual, that way you can reduce your iRule to this (my attempt, you'll need to test)
when HTTP_REQUEST {
if { [HTTP::header exists X-Forwarded-For] } {
persist uie [getfield [HTTP::header X-Forwarded-For] "," 1]
}
}
11-Mar-2021 05:29
Hi Jason,
We can't use a default source_addr profile because the inbound traffic goes through a CDN, which they append the client IP and their proxy IP to the XFF header. We use the irule to look into this and persist the connection for the client to a server in the backend. This works fine with IPV4, however there are instances where some of our user's ISP is giving them an IPV6 address. How can this iRule or any other method be used to read the IPV6 along with the IPV4 (this irule) and persist the client
based on that?
Thanks!
12-Mar-2021 11:38
Hello F5/Jason,
Please help...can you let me know if this can be done or not?
Thanks!
12-Mar-2021 12:01
it should be possible, but I really need to see samples of the contents of your XFF headers in ipv4 and ipv6 to see if you are indexing and splitting correctly for both protocols. I can track down bugs and experience in the meantime. Sorry, I don't have much operational ipv6 experience
15-Mar-2021 07:27
Thank you Jason, appreciate your help. Once I get more info and a sample, I will post it.