Chapter 3: Condition Reference

request.header.header_name.address=

Tests if the specified request header can be parsed as an IP address; otherwise, false. If parsing succeeds, then the IP address extracted from the header is tested against the specified IP address. The expression can include an IP address or subnet, or the label of a subnet definition block. The header must be a common HTTP header. This condition is commonly used with the X-Forwarded-For and Client-IP headers. For other, custom headers, use request.x_header.header_name.address=.

Replaces: request_header_address.header_name=

Syntax

request.header.header_name.address=ip_addresssubnetsubnet_label

where:

header_name—A recognized HTTP header. For a complete list of recognized headers, see Appendix C: "Recognized HTTP Headers".

ip_address—IP address; for example, 10.1.198.46.

subnet—A subnet mask; for example, 10.1.198.0/24.

subnet_label—Label of a subnet definition block that binds a number of IP addresses or subnets.

Layer and Transaction Notes

Use in <Cache> and <Proxy> layers.

Examples

;In this example, we assume that there is a downstream ProxySG that

;identifies client traffic by putting the client’s IP address in a request

;header.

;Here we’ll deny access to some clients, based on the header value. <proxy>

; Netscape’s convention is to use the Client-IP header

deny request.header.Client-IP.address=10.1.198.0/24 ; the subnet

;Blue Coat’s convention is to use the extended header: deny request.header.X-Forwarded-For.address=10.1.198.12

See Also

Actions: append( ), delete( ), delete_matching( ), rewrite( ), set( )

Conditions: request.header.header_name=, response.header.header_name=, response.x_header.header_name=

Definitions: define subnet

117

Page 116 Page 118
Page 117
Image 117
Blue Coat Systems Proxy SG manual Request.header.headername.address=
Page 116 Page 118
Top Page Image Contents