Jim_Stumbo
Jul 01, 2021Altostratus
Solved
Use x-forwarded-for to bypass authentication?
I am pretty new to all the irule stuff and the more advanced access policy stuff, so please be gentle on me. What we are trying to do is when a connection is made to our F5, check the x-forw...
- Jul 01, 2021
Hi Jim,
you could add this iRule
when HTTP_REQUEST { if {[HTTP::header exists X-Forwarded-For]}{ ACCESS::session data set session.user.clientip [HTTP::header X-Forwarded-For] } }
It will replace the Session Variable session.user.clientip with the value of the X-Forwarded-For header.
And then you could use the APM action Endpoint Security (Server-Side) >> IP Subnet Match in the APM Access Policy to check whether the IP is matching the allowed Subnets.
I didn't test the iRule, let me know whether it works or not.
KR
Daniel
EDIT: Typo in iRule