Manual Chapter :
Example: Preventing a spoof of an x-forwarded-for request
Applies To:
Show Versions
BIG-IP LTM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP PEM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP ASM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Example: Preventing a spoof of an x-forwarded-for request
You can create a local traffic policy to prevent a spoof of an x-forwarded-for request. This is
a security issue where attackers might attempt to thwart security by falsifying the IP address in
a header, and pass it through the BIG-IP system.
Examples
Creating a policy
to prevent a spoof of an x-forwarded-for request: video example
You can associate a BIG-IP local traffic policy with a virtual
server to prevent a spoof of an x-forwarded-for request. This is a security issue
where attackers might attempt to thwart security by falsifying the IP address in a
header, and pass it through the BIG-IP system. Watch the following video for an
example of creating a local traffic policy and associating it with a virtual
server.
You can also visit our DevCentral YouTube channel to see
this video. Use any of these ways:
- Click this URL: .
- Copy and paste the above URL into your browser window.
- Use your browser to search for this video using the titleF5: Creating a local traffic policy to prevent a spoof of an x-forwarded-for request.
When you have completed the task shown in the video, the policy is associated with a
virtual server.
Preventing a spoof of an x-forwarded-for request: tmsh example
This topic provides a
tmsh
command to list the configured settings
for a policy to prevent a spoof of an x-forwarded-for request. This is a request
where attackers might attempt to thwart security by falsifying the IP address in a
header, and pass it through the BIG-IP system. This topic also
provides a tmsh
command to list the configured virtual server
settings.(tmos)# list ltm policy PreventSpoofOfXFF ltm policy SelectiveCompression{ controls { compression } description "This policy prevents a spoof of an x-forwarded-for request." last-modified 2016-03-02:11:46:00 requires { http } rules { StopSpoof { actions { 0 { http-header replace name X-foRWardED-for value tcl:[IP::client_addr] } } } } status published strategy first-match } (tmos.ltm.virtual)# list ltm virtual HTTP-VS3 ltm.virtual.HTTP-VS3{ destination 10.10.0.41:http ip-protocol tcp mask 255.255.255.255 policies { PreventSpoofOfXFF { } } profiles { http { } tcp { } } source 0.0.0.0/0 translate-address enabled translate-port enabled vs-index 4 }
Preventing a spoof of an x-forwarded-for request: iRules example
This topic provides an example of
iRules
code that is equivalent to a
policy that prevents a spoof of an x-forwarded-for request. This is a situation where
attackers might attempt to thwart security by falsifying the IP address in a header, and
pass it through the BIG-IP system. This example replaces a request
that includes an x-forwarded-for header with the actual client IP address.when HTTP_REQUEST { set xff 0 foreach x [HTTP::header names] { if { [string tolower $x] equals "x-forwarded-for" } { set xff 1 HTTP::header remove $x HTTP::header insert X-FORWARDED-FOR [IP::client_addr] } } if { $xff == 0 } { HTTP::header insert X-FORWARDED-FOR [IP::client_addr] } }
