Layer7 API Management

we added XFF variable we are getting an error.. how to perform this ipwhitelisting using IP address Range property assertion

Hi Prem, 

Make sure to use the context variable "${request.http.header.x-forwarded-for}" in the "Restrict Access to IP Address Range" Assertion. 

Thanks,

I used that CV in our policy. But I'm seeing some error in that part

Hi Prem,

Can you please provide details of the error ?

Thanks,

Error:

com.l7tech.server.MessageProcessor: 3017: Policy evaluation for servic e spaceissue [2c993be8fd2512b6191d0c975f50aeb9] resulted in status 500 (Internal Server Error)
2018-02-27T13:56:37.269-0600 WARNING 656 com.l7tech.server.policy.assertion.ServerRemoteIpRange: 4504: Could no t resolve a remote IP address from the context variable "${request.http.header.x-forwarded-for}".
2018-02-27T13:56:37.270-0600 WARNING 656 com.l7tech.server.message: Message was not processed: Internal Server Error (500)

I configured IP restrict assertion as below

Do no put double quotes and ${} in the context variable field. Just the name of the context variable.

Hi AtulRaut,

I tried both ways, Just for testing I used ${}. I tried to capture All header values in that part too I'm not seeing XFF filed value.

If I try to capture IP in audit logs I'm only seeing IP of the load balance

Could you help me how to capture the client IP instead of LB IP. I used audit log like  

Is there any other audit logs can I use to capture client IP  details.

Thanks.

Hi Prem,

right click on your policy and start the "Service Debugger". Then initiate a request and verify the headers of the request.

Either the header is spelled differently or it is not available at all. For the latter case you need to verify the configuration of your F5-LB, why the header will not correctly inserted.

Ciao Stefan

Hi Stefan,

Thanks for your help, I'll check with our F5-LB team. 

Regards,

Prem.