Forum Discussion

Jim_Stumbo's avatar
Jim_Stumbo
Icon for Altostratus rankAltostratus
Jul 01, 2021
Solved

Use x-forwarded-for to bypass authentication?

I am pretty new to all the irule stuff and the more advanced access policy stuff, so please be gentle on me.   What we are trying to do is when a connection is made to our F5, check the x-forw...
  • Daniel_Wolf's avatar
    Jul 01, 2021

    Hi Jim,

    you could add this iRule

    when HTTP_REQUEST {
        if {[HTTP::header exists X-Forwarded-For]}{
            ACCESS::session data set session.user.clientip [HTTP::header X-Forwarded-For]
        }
    }

    It will replace the Session Variable session.user.clientip with the value of the X-Forwarded-For header.

    And then you could use the APM action Endpoint Security (Server-Side) >> IP Subnet Match in the APM Access Policy to check whether the IP is matching the allowed Subnets.

    I didn't test the iRule, let me know whether it works or not.

    KR

    Daniel

    EDIT: Typo in iRule