Forum Discussion

danielng_19608
Apr 28, 2009

Customizing X-Forwarded-For certain websites

Hi all,

Currently my setup is to enable X-Forwarded for all traffic that is hitting the Internet.

What I would like to do is to NOT enable X-Forwarded when accessing certain websites.

My idea of the iRule will be something like this:

==================================================================================

    when CLIENT_ACCEPTED {
        if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
            forward
        } else {
            HTTP::header insert X-Forwarded-For [IP::remote_addr]
            forward
        }
    }

Can anyone tell me if this solution will work?

Thanks!!

6 Replies

  • If you want to inspect/modify the HTTP content, you need to add an HTTP profile to the virtual server. You would also need to move the logic to the HTTP_REQUEST event where the HTTP headers have been parsed by TMM. And assuming you have a pool on the VS, you could remove the forward statements and just use a single if:

      
     when CLIENT_ACCEPTED {

        # Check if client IP isn't part of trusted addresses datagroup
        if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
           set insertXff 0
        } else {
           set insertXff 1
        }
     }
     when HTTP_REQUEST {

        # Check if we're inserting an XFF for this connection
        if { $insertXff } {

           # Remove existing XFF headers
           HTTP::header remove X-Forwarded-For

           # Insert new XFF header
           HTTP::header insert X-Forwarded-For [IP::remote_addr]
        }
     }
     

    Aaron
  • Hi Aaron,

    Many thanks for the prompt response. Really appreciate your time in helping me out as I am still learning how to write iRules. I will try it out and let you know again. Thanks again!

    Regards,

    Daniel
  • Hi Aaron,

    I managed to get the rule to work after some tweaking. Thanks again for your help!!
  • Hi Aaron,

    This is what I came up with. Basically, I am trying to match another condition, that is, any string which contains what I have specified in the datagroup selectedSites will be checked. I tried to specify selectedSites as a String datagroup but it doesn't seem to be working. Any advice on this?

    =================================================================================

        when CLIENT_ACCEPTED {
            if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
                set insertxff 0
            } else {
                set insertxff 1
            }
        }

        when HTTP_REQUEST {
            if { $insertxff equals 0 and ([string tolower [HTTP::host]] contains $::selectedSites) } {
                # Remove existing XFF headers if both conditions match
                HTTP::header remove X-Forwarded-For
            } else {
                # Insert new XFF header
                HTTP::header insert X-Forwarded-For [IP::remote_addr]
            }
        }

     

  • Can you replace this line:

        if { $insertxff equals 0 and ([string tolower [HTTP::host]] contains $::selectedSites)}

    with this:

        if { $insertxff equals 0 and [matchclass $::selectedSites contains [string tolower [HTTP::host]]]}

    Aaron
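
The difference between the two rules in this thread, as an added Python model that is not part of the original posts and is not F5 code: the first reply removes any X-Forwarded-For the client sent before inserting its own, while the revised rule's insert branch has no remove, so the server receives both values. The addresses, host names and the `hardened_rule` variant are constructed for illustration, and data-group matching is assumed to be a substring test on the lowercased Host.

```python
# Model of the thread's X-Forwarded-For handling; an illustration, not F5 code.
# Headers are an ordered list of (name, value) pairs.
TRUSTED_ADDRESSES = {"10.1.1.10"}     # constructed stand-in for trustedAddresses
SELECTED_SITES = ["partner.example"]  # constructed stand-in for selectedSites

def remove_header(headers, name):
    """Drop every instance of a header, as HTTP::header remove does."""
    return [(k, v) for k, v in headers if k.lower() != name.lower()]

def host_selected(host):
    """Assumption: a site is selected when the Host contains a data-group entry."""
    return any(site in host.lower() for site in SELECTED_SITES)

def first_reply_rule(client_ip, host, headers):
    """First reply: for clients outside trustedAddresses, remove XFF, then insert."""
    if client_ip in TRUSTED_ADDRESSES:
        return list(headers)
    return remove_header(headers, "X-Forwarded-For") + [("X-Forwarded-For", client_ip)]

def revised_rule(client_ip, host, headers):
    """Revised rule: remove XFF for trusted client and selected site, else insert."""
    if client_ip in TRUSTED_ADDRESSES and host_selected(host):
        return remove_header(headers, "X-Forwarded-For")
    # No remove on this branch, so a value sent by the client is kept as well.
    return list(headers) + [("X-Forwarded-For", client_ip)]

def hardened_rule(client_ip, host, headers):
    """Hypothetical variant: the remove runs first, on both branches."""
    headers = remove_header(headers, "X-Forwarded-For")
    if client_ip in TRUSTED_ADDRESSES and host_selected(host):
        return headers
    return headers + [("X-Forwarded-For", client_ip)]

def xff_values(headers):
    """All X-Forwarded-For values the server would receive, in order."""
    return [v for k, v in headers if k.lower() == "x-forwarded-for"]

# Constructed request: the client already sent its own X-Forwarded-For.
REQUEST = [("Host", "www.example.org"), ("X-Forwarded-For", "203.0.113.7")]

if __name__ == "__main__":
    for rule in (first_reply_rule, revised_rule, hardened_rule):
        out = rule("192.0.2.50", "www.example.org", REQUEST)
        print(f"{rule.__name__:17} -> {xff_values(out)}")
```

A server that logs or makes access decisions on X-Forwarded-For should only ever see the value the proxy wrote, which is what the remove-then-insert order guarantees.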