To allow CDN providers to pass the true client IP along with encrypted (HTTPS) traffic, the IP address can be placed into the TCP options header. The IP can then be pulled from the header and placed into the X-Forwarded-For (XFF) header within the HTTP request.
To do this, you first need to instruct the F5 to examine the necessary TCP option using the following command.
Note: 22 is the hexadecimal option number, so in this case the F5 will examine TCP option 34 (i.e. 0x22).

    bigpipe db Rules.Tcpoption.settings [22,first]

In the iRule, we ensure the length of the TCP option (as a string) is 4. We then parse the option into an IP address and pass this to the HTTP_REQUEST event to place into an X-Forwarded-For header.
    when CLIENT_ACCEPTED {
        # Read the raw value of TCP option 34 (0x22) from the client connection
        set opt34 [TCP::option get 34]
        # Only accept a 4-byte value (the size of an IPv4 address)
        if { [string length $opt34] == 4 } {
            set optaddr [IP::addr parse $opt34]
        }
    }

    when HTTP_REQUEST {
        # optaddr is only set when the option was present and passed the length check
        if { [info exists optaddr] } {
            HTTP::header insert "X-Forwarded-For" $optaddr
        }
    }

Note: If you are using a Cisco ASA in front of your F5, you will need to permit the TCP option. Details on how to configure this can be found here.
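To see what the iRule's length check is working with, the following added example (Python, not part of the original cookbook) walks a raw TCP options field, finds option 0x22 and decodes a 4-byte payload as an IPv4 address, which is handy when checking a packet capture. It assumes the option carries only the address in network byte order; the function names and the sample bytes are constructed for illustration.

```python
"""Added example: locate TCP option 0x22 (34) in raw TCP option bytes and decode it."""
import ipaddress

CLIENT_IP_OPTION = 0x22  # option kind 34, the option the F5 is told to examine


def walk_tcp_options(raw: bytes):
    """Yield (kind, payload) for each option in a TCP options field."""
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of Option List: stop parsing
            return
        if kind == 1:            # No-Operation: single padding byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option truncated before its length byte")
        length = raw[i + 1]      # counts the kind and length bytes too
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option kind {kind}")
        yield kind, raw[i + 2:i + length]
        i += length


def client_ip_from_options(raw: bytes, kind: int = CLIENT_IP_OPTION):
    """Return the IPv4 address carried in the first matching option, else None.

    Mirrors the iRule: the payload must be exactly 4 bytes to be accepted.
    """
    for opt_kind, payload in walk_tcp_options(raw):
        if opt_kind == kind:
            if len(payload) != 4:
                return None      # same outcome as the iRule's length check
            return str(ipaddress.IPv4Address(payload))
    return None


# Constructed sample: MSS (kind 2), NOP, option 0x22 carrying 203.0.113.7, EOL.
SAMPLE_OPTIONS = bytes([2, 4, 0x05, 0xB4, 1, 0x22, 6, 203, 0, 113, 7, 0])

if __name__ == "__main__":
    print(client_ip_from_options(SAMPLE_OPTIONS))
```

On the wire the option's length byte is 6 (kind, length and four address bytes), while the payload the length check applies to is 4 bytes.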