Forsaken_104807
Aug 06, 2010 Nimbostratus
X-Forwarded-For iRule
Hi All, Hoping someone can help here... In a nutshell, I am trying to block external access to a site, but allow internal users to work. Our connections come in externally via an application firewall, so I have enabled X-Forwarded-For and can see the original IPs in a tcpdump.
Here is the iRule I am starting with:

    when HTTP_REQUEST {
        if {[HTTP::header values "X-Forwarded-For"] contains "X.X.X.X" or [HTTP::header values "X-Forwarded-For"] contains "X.X.X.X"}{
            HTTP::respond 200 content "Apology Page - External BlockedWe are sorry, but the site you are looking for is temporarily out of service Please try again later ."
        }
    }

I have a default pool setup on this vip.
So, when I use this iRule, I am blocking internal access and external access is open, so I wanted to specify that if the IPs do not equal XXXX, then display the HTML page. When I use the not in the iRule, it accepts the syntax, but both internally and externally I get nothing... Below is the iRule and the logs from the LTM:

    when HTTP_REQUEST {
        if {not[HTTP::header values "X-Forwarded-For"] contains "X.X.X.X" or [HTTP::header values "X-Forwarded-For"] contains "X.X.X.X"}{
            HTTP::respond 200 content "Apology Page - External BlockedWe are sorry, but the site you are looking for is temporarily out of service Please try again later ."
        }
    }

Aug 6 14:47:05 local/tmm err tmm[2595]: 01220001:3: TCL error: iRule-JCICSS_Test - can't use non-numeric string as operand of "!" while executing "if {not[HTTP::header values "X-Forwarded-For"] contains "X.X.X.X" or [HTTP::header values "X-Forwarded-For"] equals "X.X.X.X"}{ HTTP..."
Any help would be greatly appreciated
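
An added example, not part of the original post: the logged error occurs because `not` binds only to the first operand (the header string) rather than to the whole `contains ... or ...` test, so the test has to be grouped in parentheses. The sketch below also replaces the substring match with an address comparison on a single hop. The addresses 192.0.2.0/24 and 198.51.100.10 are constructed placeholders for the internal ranges, and it is an assumption that the application firewall appends the real client address as the last X-Forwarded-For entry.

```tcl
when HTTP_REQUEST {
    # Flatten every X-Forwarded-For header line into one list of hops.
    # A client can send its own X-Forwarded-For, so only the hop written by
    # the trusted upstream device should be used for an access decision.
    set hops [split [join [HTTP::header values "X-Forwarded-For"] ","] ","]

    # Assumption: the application firewall appends the address it saw as the
    # LAST hop; anything before it may be client-supplied.
    set client [string trim [lindex $hops end]]

    # Default to "external". A missing or malformed header stays external
    # (assumption: internal clients also arrive with the header set).
    set internal 0
    if { $client ne "" } {
        # IP::addr raises a Tcl error on a malformed address, so guard it.
        # Comparing addresses avoids the substring problem of "contains",
        # where "10.1.1.1" would also match "10.1.1.10".
        catch {
            if { [IP::addr $client equals 192.0.2.0/24] or
                 [IP::addr $client equals 198.51.100.10] } {
                set internal 1
            }
        }
    }

    # Parentheses make "not" apply to the whole test. With the original
    # string test the grouped form would be:
    #   not ( [...] contains "X.X.X.X" or [...] contains "X.X.X.X" )
    if { not ($internal) } {
        HTTP::respond 200 content "We are sorry, but the site you are looking for is temporarily out of service. Please try again later."
    }
}
```

Requests that pass the check fall through to the virtual server's default pool, as in the original rule.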