F5 APM - How to do IP Subnet match for IPs in header

Question

Hi,&nbsp;I have a flow where clients come in VIA Proxy. I cannot get there IP from network Layer. I need to go and get this from header (XFF). How can I do a IP subnet match on APM using the XFF header?&nbsp;Thanks

faruk_aydin · Answer

add an iRule like that:when ACCESS_SESSION_STARTED {
	ACCESS::session data set session.custom.xforwardedfor [HTTP::header X-Forwarded-For]
}then add an Empty Box to your APM Policy, add a branch rule, then check the value against a subnet like that:expr {[IP::addr [mcget {session.custom.xforwardedfor}] equals "10.0.0.0/8"]}

Forum Discussion

F5 APM - How to do IP Subnet match for IPs in header

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Security headers

Remove subnet from NAT pools without any impact

Implementing Client Subnet DNS Requests

No matches under XML_CONTENT_BASED_ROUTING

Implementing Client Subnet in DNS Requests