Forum Discussion
mikeshimkus_111
Jan 02, 2014Historic F5 Account
Hi Icemanii, I think you could accomplish this by creating an LTM datagroup with the IPs you want to block (named "banned_addresses" in my example) and creating an iRule similar to this one to respond to blocked requests. You shouldn't need to use X-forwarded-for at all if this BIG-IP can see the true client IP address.
when HTTP_REQUEST {
if { [string tolower [HTTP::header "User-Agent"]] contains "mini opera" } {
if { [class match [IP::client_addr] equals "banned_addresses"] } {
set response "Access Denied
We are sorry, but access to the is
restricted to approved client IP addresses. Your IP address,
[IP::client_addr], is not approved."
HTTP::respond 200 content $response
}
}
}
- Icemanii_116694Jan 02, 2014NimbostratusHi, thanks for the response. The opera mini browser acts like a proxy replacing the true client IP with a US based IP. I have another rule which drops all request from US country using the geoip targeting restriction. As such, I need to check the client's true country of origin to allow or drop the request. if {([class match [whereis [IP::client_addr] country] equals BlockedCountry]) } { drop} So I need to check for mobile users using opera mini as a browser and determining their real client ip instead of the IP from the Opera Mini.