Forum Discussion
1 Reply
Sort By
- Jad_Tabbara__J1Cirrostratus
Hi,
You can use the "string map" command to remove a known IP from the XFF header.
For example:
when HTTP_REQUEST { if { [HTTP::header value "X-Forwarded-For"] contains "1.1.1.1" } { This will replace the 1.1.1.1 by "" set new_xff [string map {1.1.1.1 ""} [HTTP::header value "X-Forwarded-For"] ] You can add logs to /var/log/ltm to verify if it works correctly log local0. "Old XFF: [HTTP::header value "X-Forwarded-For"]" Then you can modify the value and log again to verify the new value HTTP::header replace "X-Forwarded-For" $new_xff log local0. "New XFF: [HTTP::header value "X-Forwarded-For"]" } }
Hope it helps