Collect client IP header to write to payload
Hello all.
We have a request to restrict user account access based on the IP from which they come. While this could usually be addressed at the network layer, or even a somewhat simple iRule, it will be very high maintenance and the application team has indicated they can easily manage it from the app side.
I haven't found anything that will collect the IP header akin to TCP::collect, though we log that data today with:
when SERVER_CONNECTED {
    log local0.info "Client Source [IP::client_addr], Port [TCP::client_port], SNAT [IP::local_addr], PORT [TCP::local_port], Server [IP::server_addr], Port [TCP::server_port]"
}
The question is: Can we collect IP header information and write to the payload in a similar method as TCP::collect or is acquiring this information only doable via parsing the log?
If the former, I don't readily see the mechanism to collect that information and get it set to rewrite the TCP payload. Additionally, this is only to be done on the initial connection. We don't need to rewrite on every packet.
Some knowns:
- We use SNAT and that cannot change, else that'd be easy.
- It's TCP over 443.
- There is no LB decision that needs to be made based on this.
So is it possible to collect this information in this regard? I'm not an iRule guru by any stretch, so your collective assistance is appreciated.
Thanks in advance.