Forum Discussion

jerm1020_254086's avatar
jerm1020_254086
Icon for Nimbostratus rankNimbostratus
Aug 01, 2016

create a new Header value manipulation iRule

create a new Header value manipulation iRule. This iRule needs to interrogate Header values and substitute the x-forwarded-for value with True-Client-IP value if available. our CDN is providing the actual client IP address via this new Header value yet our current code base leverages the x-forwarded-for Header value for client address interrogation. This iRule allows for zero code impact while allowing us to leverage the new CDN IP Header value.

 

can anyone tell me if this is correct? or moreso how to form this into an iRule. irules are my absolute weakest part of the f5

 

IF Header Name True-Client-IP Exists THEN Set X-Forwarded-For Value equal to True-Client-IP value END IF

 

application delivery
devops
iRules
LTM
xforward

11 Replies

Sort By
  • ekaleido_26616's avatar
    ekaleido_26616
    Icon for Cirrocumulus rankCirrocumulus
    Aug 01, 2016
        when HTTP_REQUEST {
            if { HTTP::header exists X-Forwarded-For } {
                            HTTP::header replace X-Forwarded-For [[IP::client_addr]]
            }
     }
    • jerm1020_254086's avatar
      jerm1020_254086
      Icon for Nimbostratus rankNimbostratus
      Aug 01, 2016

      apologies for my ignorance on the subject, but this accomplishes what I was seeking? it looks correct from my limited knowledge of irules. true client is client IP within the irule?

       

    • jerm1020_254086's avatar
      jerm1020_254086
      Icon for Nimbostratus rankNimbostratus
      Aug 01, 2016

      I am receiving this error when trying to input the iRule

       

      01070151:3: Rule [/Common/CDN_Header_value_manipulation] error: /Common/CDN_Header_value_manipulation:2: error: [parse error: PARSE syntax 41 {syntax error in expression " HTTP::header exists X-Forwarded-For ": variable references require preceding $}][{ HTTP::header exists X-Forwarded-For }]

       

  • ekaleido's avatar
    ekaleido
    Icon for Cirrus rankCirrus
    Aug 01, 2016
        when HTTP_REQUEST {
            if { HTTP::header exists X-Forwarded-For } {
                            HTTP::header replace X-Forwarded-For [[IP::client_addr]]
            }
     }
    • jerm1020_254086's avatar
      jerm1020_254086
      Icon for Nimbostratus rankNimbostratus
      Aug 01, 2016

      apologies for my ignorance on the subject, but this accomplishes what I was seeking? it looks correct from my limited knowledge of irules. true client is client IP within the irule?

       

    • ekaleido's avatar
      ekaleido
      Icon for Cirrus rankCirrus
      Aug 01, 2016

      [IP::client_addr] is whatever IP the user is assigned.

       

    • jerm1020_254086's avatar
      jerm1020_254086
      Icon for Nimbostratus rankNimbostratus
      Aug 01, 2016

      I am receiving this error when trying to input the iRule

       

      01070151:3: Rule [/Common/CDN_Header_value_manipulation] error: /Common/CDN_Header_value_manipulation:2: error: [parse error: PARSE syntax 41 {syntax error in expression " HTTP::header exists X-Forwarded-For ": variable references require preceding $}][{ HTTP::header exists X-Forwarded-For }]

       

  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Aug 02, 2016

    Hi Jerm,

    you may use the iRule below to copy the 

    "True-Client-IP"
    header information (if present) into an additional 
    "X-Forwarded-For"
    header. If the 
    "True-Client-IP"
    header is not present, the iRule would simply store the client IP address of the underlying TCP session as 
    "X-Forwarded-For"
    header value...

    when HTTP_REQUEST {
         Removing  existing "X-Forwarded-For" headers to avoid duplications.
        HTTP::header remove "X-Forwarded-For" 
         Check if "True-Client-IP" is present
        if { [set true_client_ip [HTTP::header value "True-Client-IP"]] ne "" } then {
             "True-Client-IP" header is present. Copying "True-Client-IP" value to "X-Forwarded-For"
            HTTP::header insert "X-Forwarded-For" $true_client_ip
        } else {
             "True-Client-IP" header is not present. Setting the real client IP as  "X-Forwarded-For"
            HTTP::header insert "X-Forwarded-For" [getfield [IP::client_addr] "%" 1]
        }
 }

    Cheers, Kai