Jump to content
Welcome to our new Citrix community!

Responder to get True-Client-IP

Recommended Posts


I'm helping a customer that soon are using Akamai shield.

I want to search for a name in url and also get True-Client-IP from header to match a Location.


HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("name-in-url-path") && (HTTP.REQ.FULL_HEADER.CONTAINS("True-Client-IP")  && CLIENT.IP.SRC.MATCHES_LOCATION("akamai_prod_allowed.*.*.*.*.*"))

So i want to match True-Client-IP and akamai_prod_allowed, how do i do that?




Link to comment
Share on other sites

On 11/21/2019 at 6:07 PM, Siddhartha Sarmah said:



Tried but i didn't work. I get hits on the policy when i use HTTP.REQ.FULL_HEADER.CONTAINS("True-Client-IP")

Akamai adds the "True-Client-IP" in the header so just HTTP.REQ.HEADER("True-Client-IP") doesn't work in yhis case.


Link to comment
Share on other sites

I red it several times. I didn't get it.

What I understand is: Traffic is coming out of Akamai. Akamai added a header, True-Client-IP. Is this right? And you want to get the location from this IP.


If this is right, HTTP.REQ.HEADER("True-Client-IP") has to work. Do a network trace and double check if there is a typo. You could also do a "User Configurable Log Message" dumping all headers (HTTP.REQ.FULL_HEADERS) into syslog, so you can see these headers, include their names.





Link to comment
Share on other sites

I have a nstrace and i can see that it adds True-Client-IP in the header.

So i can see it like this "True-Client-IP: xx.xxx.xxx.xx"

It doesn't seems that this expression is taking the True-Client-IP value and match it with the location.



In the location i just added ip and ip range.



Link to comment
Share on other sites

but if you pit a http.REQ.HEADER("True-Client-IP") into the log files the IP address get there? So define a user configurable log message?


set audit syslogParams -userDefinedAuditlog YES
add audit messageaction log_ip WARNING "\"Client-IP is: \" + HTTP.REQ.HEADER(\"True-Client-IP\")"


Bind this message to your policy. It will log something like "Client ip is:" into /var/log/ns.log (it's a warning level message)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...