Forum Discussion

F5Hopper_28651's avatar
F5Hopper_28651
Icon for Nimbostratus rankNimbostratus
Aug 17, 2016

passing or changing header data and passing to end server for identification.

I have a question, I made the below Irule... I was asked to update and send a new header to the end server for internal server redirection. Maybe not a header but something so they can see the traffic is from NJ or ID.. any ideas?

when HTTP_REQUEST {
    if { ([string tolower [HTTP::uri]] starts_with "/testingpage") } {
         Parse the client IP from the CDN header
        set client_ip [HTTP::header "Incap-Client-IP"]
    if { $client_ip eq "" }{
         The header was empty/did not exist, so use the actual client IP
        set client_ip [IP::client_addr]
        }
    switch [whereis $client_ip abbrev] {
    "NJ" -
    "ID" {
        HTTP::respond 200 content "Your IP IS from NJ or ID"
    }
    default {
       set state [whereis $client_ip abbrev]
       HTTP::respond 200 content "Your IP IS NOT NJ or ID you is $state"
    }
  }
 }
}

Im out of my element on this one.. Thanks Crew..

application delivery
iRules
LTM

6 Replies

Sort By
  • ekaleido's avatar
    ekaleido
    Icon for Cirrus rankCirrus
    Aug 17, 2016

    Perhaps something like this to replace your HTTP::response 200s?

    switch [whereis $client_ip abbrev] {
  "NJ" { HTTP::header insert User-Loc "NJ" }
  "ID" { HTTP::header insert User-Lov "ID" }
}
    • F5Hopper_28651's avatar
      F5Hopper_28651
      Icon for Nimbostratus rankNimbostratus
      Aug 17, 2016

      that looks good, I will give that a try.

      when HTTP_REQUEST {
if { ([string tolower [HTTP::uri]] starts_with "/testingpage") } {
         Parse the client IP from the CDN header
        set client_ip [HTTP::header "Incap-Client-IP"]
        if { $client_ip eq "" }{
             The header was empty/did not exist, so use the actual client IP
            set client_ip [IP::client_addr]
        }
        switch [whereis $client_ip abbrev] {
            "NJ" {
                HTTP::header insert User-Loc "NJ"
    }
            "ID" {
                HTTP::header insert User-Loc "ID"
    }
            "CA" {
                HTTP::header insert User-Loc "CA"
    }
  }
 }
}
  • ekaleido_26616's avatar
    ekaleido_26616
    Icon for Cirrocumulus rankCirrocumulus
    Aug 17, 2016

    Perhaps something like this to replace your HTTP::response 200s?

    switch [whereis $client_ip abbrev] {
  "NJ" { HTTP::header insert User-Loc "NJ" }
  "ID" { HTTP::header insert User-Lov "ID" }
}
    • F5Hopper_28651's avatar
      F5Hopper_28651
      Icon for Nimbostratus rankNimbostratus
      Aug 17, 2016

      that looks good, I will give that a try.

      when HTTP_REQUEST {
if { ([string tolower [HTTP::uri]] starts_with "/testingpage") } {
         Parse the client IP from the CDN header
        set client_ip [HTTP::header "Incap-Client-IP"]
        if { $client_ip eq "" }{
             The header was empty/did not exist, so use the actual client IP
            set client_ip [IP::client_addr]
        }
        switch [whereis $client_ip abbrev] {
            "NJ" {
                HTTP::header insert User-Loc "NJ"
    }
            "ID" {
                HTTP::header insert User-Loc "ID"
    }
            "CA" {
                HTTP::header insert User-Loc "CA"
    }
  }
 }
}
  • Vijay_E's avatar
    Vijay_E
    Icon for Cirrus rankCirrus
    Aug 17, 2016

    Are you sure you can do this ?

     

    It is a direct violation of the EULA to use F5’s data to embed geolocation information or codes representing geolocation information into the requests such that another application or server could make the decision on what to do with that data. Customers wishing to use geolocation data on their webservers or in their applications to make decisions in those products should reach out to their account team.

     

    https://devcentral.f5.com/wiki/irules.whereis.ashx

     

  • JoshBecigneul's avatar
    JoshBecigneul
    Icon for MVP rankMVP
    Aug 18, 2016

    Hello,

     

    The way it has been explained to me is that you may use the GeoIP data to do pool selections or branch selections or so forth. As stated above, embedding the data in your traffic is a EULA violation.

     

    That said, I am fairly certain that you can "license" (sounds like it's just a waiver) the location database in order to be able to embed that data into your HTTP requests. You should contact your account team for more information and to get the data needed to expand your use of the feature.

     

    More info from https://devcentral.f5.com/wiki/irules.whereis.ashx

     

    F5’s traffic management products have a lot of power and flexibility and can make lots of decisions about traffic using the geolocation data on the BIG-IP. For example, a geolocation lookup can be used to route traffic requests to a different site, different server, different URL, or even substitute a different image, object, etc in the stream. The key is that the BIG-IP is making use of the data to make a decision to take some action. These are all allowed and in fact, intended usage of the geolocation data. Passing the data looked up to another system or displaying it back publicly is a violation of the basic data EULA. To summarize, all usage of the data must remain local to the system with the following two exceptions:

     

    Location can be placed in an encrypted cookie for reference ONLY by other BIG-IP devicesLogging data can contain location info and collected into a central logging solution for analysis of F5 logs.

     

    You should definitely read the data in the page linked above to get a better understanding of what you can and can't use it for.

     

    Thanks. Josh