Forum Discussion

JustCooLpOOLe
Jun 09, 2017

Multiple IPs coming in the client_addr and remote_addr header fields

I'm trying to write an iRule that only places a single IP address in the X-FORWARDED-FOR header. I am using the one below, but we are seeing rare cases where the client_addr or remote_addr fields are coming in with multiple IP addresses and we want only one. Any help or suggestions to alter the iRule to always bring in the leftmost IP address would be greatly appreciated.

when HTTP_REQUEST {

    log local0. "Client IP: [IP::client_addr], XFF: [HTTP::header X-Forwarded-For]"

    if { [HTTP::header exists X-Forwarded-For] } {

        # If multiple IPs exist in header, strip out and replace with Original Client IP

        log local0. "Too much in header...replace"
        HTTP::header replace X-Forwarded-For "[IP::remote_addr]"

    } else {

        # If nothing in header, add Original Client IP

        log local0. "Nothing in Header"
        HTTP::header insert X-Forwarded-For [IP::remote_addr]

    }

    log local0. "[HTTP::header X-Forwarded-For]"

}

  • Hi,

    First of all, there is no way that [IP::remote_addr] can return multiple IPs - just not possible with TCP.

    I guess your conclusion is based on the fact that the request arriving at the backend host still contains multiple XFF headers.

    The reason is simple: if the original request contains multiple XFF headers, then HTTP::header replace just replaces the value/s in the last XFF header.

    Use a combination of:

    HTTP::header remove X-Forwarded-For

    followed by:

    HTTP::header insert X-Forwarded-For [IP::remote_addr]

    Piotr
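
The behaviour described in the reply above, as an added Python model that is not part of the original thread and is not F5 code: it compares what a backend sees after the question's replace-based rule with what it sees after remove-then-insert. The function names, the sample request and the peer address are constructed for illustration, and the backend is assumed to join repeated headers with a comma, as RFC 9110 permits.

```python
# Toy model of an HTTP header list (added illustration, not F5 code).
# Headers are an ordered list of (name, value) pairs because a request
# may carry the same header name more than once.

XFF = "X-Forwarded-For"

def _is_xff(pair):
    return pair[0].lower() == XFF.lower()

def original_irule(headers, peer_ip):
    """Model of the rule in the question: if XFF exists, only the LAST
    XFF header gets the new value; otherwise one is inserted."""
    out = list(headers)
    positions = [i for i, h in enumerate(out) if _is_xff(h)]
    if positions:
        out[positions[-1]] = (XFF, peer_ip)   # earlier XFF headers survive
    else:
        out.append((XFF, peer_ip))
    return out

def fixed_irule(headers, peer_ip):
    """Model of the reply's fix: remove every XFF header, then insert one."""
    out = [h for h in headers if not _is_xff(h)]
    out.append((XFF, peer_ip))
    return out

def backend_view(headers):
    """What an application typically reads: all XFF values joined by ', '."""
    return ", ".join(value for name, value in headers if name.lower() == XFF.lower())

# Constructed sample request: the client sent two separate XFF headers.
REQUEST = [
    ("Host", "app.example.test"),
    ("X-Forwarded-For", "203.0.113.7"),
    ("X-Forwarded-For", "198.51.100.23, 192.0.2.10"),
]
PEER_IP = "192.0.2.44"  # constructed TCP peer address, i.e. [IP::remote_addr]

if __name__ == "__main__":
    print("replace only :", backend_view(original_irule(REQUEST, PEER_IP)))
    print("remove+insert:", backend_view(fixed_irule(REQUEST, PEER_IP)))
```
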