Forum Discussion
hooleylist
Mar 11, 2010Cirrostratus
You might also check to see if Akamai strips out any previously existing True-Client-IP headers before inserting it's own. You could test this to see. If they don't then you could check to see whether Akamai's header is always inserted last. In that case, you should be fine using hte iRule as HTTP::header retrieves the value for the last named header.
I don't think Akamai would append the client IP they get to an existing True-Client-IP header, so you could probably skip the split/loop on the True-Client-IP header value. If you did want to keep the split/loop, you could eliminate some intermediate variables:
when HTTP_REQUEST {
if { [HTTP::header "True-Client-IP"] ne ""} {
header may be in format of addr1,addr2,addr3
foreach addr [split [HTTP::header "True-Client-IP"] ","] {
if { [matchclass banned_addr_list equals $addr] } {
HTTP::respond 403
}
}
}
}
Aaron