Chapter 3: Condition Reference
117
request.header.header_name.address=Tests if the specified request header can be parsed as an IP address; otherwise, false. If parsing
succeeds, then the IP address extracted from the header is tested against the specified IP address. The
expression can include an IP address or subnet, or the label of a subnet definition block. The header
must be a common HTTP header. This condition is commonly used with the X-Forwarded-For and
Client-IP headers. For other, custom headers, use request.x_header.header_name.address=.
Replaces: request_header_address.header_name=
Syntax
request.header.header_name.address=ip_address|subnet|subnet_label
where:
•header_name—A recognized HTTP header. For a complete list of recognized headers, see
Appendix C: "Recognized HTTP Headers".
•ip_address—IP address; for example, 10.1.198.46.
•subnet—A subnet mask; for example, 10.1.198.0/24.
•subnet_label—Label of a subnet definition block that binds a number of IP addresses or subnets.
Layer and Transaction Notes
•Use in <Cache> and <Proxy> layers.
Examples
; In this example, we assume that there is a downstream ProxySG that
; identifies client traffic by putting the client’s IP address in a request
; header.
; Here we’ll deny access to some clients, based on the header value.
<proxy>
; Netscape’s convention is to use the Client-IP header
deny request.header.Client-IP.address=10.1.198.0/24 ; the subnet
; Blue Coat’s convention is to use the extended header:
deny request.header.X-Forwarded-For.address=10.1.198.12
See Also
•Actions:
append( ), delete( ), delete_matching( ), rewrite( ), set( )
• Conditions: request.header.header_name=, response.header.header_name=,
response.x_header.header_name=
• Definitions: define subnet