Jeremy_Alons_40
Aug 06, 2009

matchclass and custom header values

Greetings,

I'm inserting true-client-ip (forwarded from Akamai to show us the actual client's IP address, not Akamai's edge server that's servicing the request) via an iRule:

    when HTTP_REQUEST {
        if { [HTTP::header exists "X-Forwarded-For"] } {
            HTTP::header insert x-forwarded-for [IP::remote_addr]
        } elseif { [HTTP::header exists "true-client-ip"] } {
            HTTP::header insert true-client-ip [IP::remote_addr]
        }
    }

I'm now trying to compare this value with a class containing banned IP addresses (some networks, some hosts) with the following rule:

    when HTTP_REQUEST {
        if { [matchclass [HTTP::header value true-client-ip] equals $::banned_ip_addresses ] } {
            log local0. "[HTTP::header value true-client-ip]"
            drop
            return
        }
    }
banned_ip_addresses contains an IP I'm passing through the VS that has this iRule applied to it, so I know I should be able to trigger this, yet cannot. If I log the value of [HTTP::header value true-client-ip] I can see the IP address, yet I believe the disconnect is that the value of true-client-ip isn't matching the class type address.

Basically, can I cast [HTTP::header value true-client-ip] to whatever the matchclass wants? Or am I doing something else completely wrong here?

1 Reply

  • TCL isn't really a strongly typed language, so you can use the string from the header value output to compare with the address type datagroup.

    Are you using the two iRules together? If so, you're overwriting the XFF and true-client-ip header values with the actual IP address LTM sees in the TCP connection. If that's not the case, try logging the header value and the banned_ip_addresses class in the rule. If it's still not clear, try posting the anonymized log output.

    Aaron
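
An added example, not code from either post: a diagnostic version of the ban check that follows the reply's suggestion to log the header value and the class. It also honours true-client-ip only when the TCP peer is a trusted edge server, since any client that can reach the virtual server directly can set that header itself. The class name akamai_edge_addresses is hypothetical, and the `$::class` syntax follows the thread.

```tcl
when HTTP_REQUEST {
    # Address LTM sees on the TCP connection (the Akamai edge server when the
    # request arrives via the CDN).
    set peer [IP::client_addr]
    set effective_ip $peer

    # Log every value carried under the header name, so an extra value added
    # by another iRule on the same virtual server is visible.
    foreach v [HTTP::header values "true-client-ip"] {
        log local0. "peer=$peer true-client-ip value: '$v'"
    }

    # Assumption: akamai_edge_addresses is a hypothetical address-type class
    # of edge servers allowed to assert true-client-ip. From any other peer
    # the header is client-controlled and is ignored.
    if { [matchclass $peer equals $::akamai_edge_addresses] } {
        if { [HTTP::header exists "true-client-ip"] } {
            set effective_ip [HTTP::header value "true-client-ip"]
        }
    }

    # Log the class contents and the match result next to the compared value.
    set hit [matchclass $effective_ip equals $::banned_ip_addresses]
    log local0. "compare '$effective_ip' against class: $::banned_ip_addresses -> $hit"

    if { $hit } {
        log local0. "dropping banned client $effective_ip (peer $peer)"
        drop
        return
    }
}
```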