Block Opera Mini users using true client IP

Hi Icemanii, I think you could accomplish this by creating an LTM datagroup with the IPs you want to block (named "banned_addresses" in my example) and creating an iRule similar to this one to respond to blocked requests. You shouldn't need to use X-forwarded-for at all if this BIG-IP can see the true client IP address.

when HTTP_REQUEST { 
if { [string tolower [HTTP::header "User-Agent"]] contains "mini opera" } { 
    if { [class match [IP::client_addr] equals "banned_addresses"] } { 
        set response "Access Denied
        We are sorry, but access to the  is
        restricted to approved client IP addresses. Your IP address, 
        [IP::client_addr], is not approved."
        HTTP::respond 200 content $response
    } 
} 

}

Ah, I see. I didn't know that about Opera Mini. I thought you were looking at the X-Forwarded-For header as inserted by BIG-IP.

Couldn't you do something like this, then:

when HTTP_REQUEST { 
if { [string tolower [HTTP::header "User-Agent"]] contains "mini opera" } { 
    if {[HTTP::header exists "X-Forwarded-For"]} {
        set real_ip [HTTP::header value "X-Forwarded-For"]
        if { [class match [whereis $real_ip country] equals BlockedCountry]] } { 
            drop
            } 
        }
    }
}

Hi,

I would do a "foreach" to check WFF value, because your request can travel through multiples proxies.

when CLIENT_ACCEPTED {
 Save the name of the VS default pool
set default_pool [LB::server pool]
}

when HTTP_REQUEST {
if { [string tolower [HTTP::header "User-Agent"]] contains "opera mini"} {
    if {[HTTP::header exists "X-Forwarded-For"]} {
        foreach real_ip [split [string map [list " " ""] [HTTP::header "X-Forwarded-For"]] ","] {
            if {([class match [$real_ip] equals WhitelistIP]) } {
                pool $default_pool}
            elseif {([class match [$real_ip] equals BlacklistIP]) } {
                HTTP::redirect "http://0.0.0.0"}
            elseif { [class match [whereis $real_ip country] equals BlockedCountry]} {
                    HTTP::redirect "http://myforbiddenpage.com"}
                }
            else {
                    pool $default_pool}
            }
       }
}

Hi,

I would do a "foreach" to check WFF value, because your request can travel through multiples proxies.

when CLIENT_ACCEPTED {
 Save the name of the VS default pool
set default_pool [LB::server pool]
}

when HTTP_REQUEST {
if { [string tolower [HTTP::header "User-Agent"]] contains "opera mini"} {
    if {[HTTP::header exists "X-Forwarded-For"]} {
        foreach real_ip [split [string map [list " " ""] [HTTP::header "X-Forwarded-For"]] ","] {
            if {([class match [$real_ip] equals WhitelistIP]) } {
                pool $default_pool}
            elseif {([class match [$real_ip] equals BlacklistIP]) } {
                HTTP::redirect "http://0.0.0.0"}
            elseif { [class match [whereis $real_ip country] equals BlockedCountry]} {
                    HTTP::redirect "http://myforbiddenpage.com"}
                }
            else {
                    pool $default_pool}
            }
       }
}

Could you log real_ip after foreach statement with this line :

log local0. "IP matched is : $real_ip"

I've tried using the foreach, but I'm hitting Connection closed by remote server when using the opera mini browser trying to access my server.

can you post your latest irule?

by the way, i think $real_ip does not need square brackets, does it?

e.g.

[class match $real_ip equals WhitelistIP]

I've tried using the foreach, but I'm hitting Connection closed by remote server when using the opera mini browser trying to access my server.

can you post your latest irule?

by the way, i think $real_ip does not need square brackets, does it?

e.g.

[class match $real_ip equals WhitelistIP]