DataPower

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

X-Client-IP Header based Processing Rule

1. X-Client-IP Header based Processing Rule

Like
R K
Posted Wed February 19, 2025 05:45 PM

Reply
Dears,

I was working on a integration where I had to create a different processing rule for the requests originating from a specific IP. So I have created a Matching Rule based on X-Client-IP Header.

When I tried , the request from the specific is still not going to the newly created rule. When I looked into debug logs in Datapower, it is showing that the X-Client-IP value received is N/A but when I enabled probe and saw the expected value in Headers section of the transaction.

May I know if I am missing enabling any configuration?

------------------------------
R K
------------------------------
2. RE: X-Client-IP Header based Processing Rule

Like
Hermanni Pernaa

IBM Champion
Posted Thu February 20, 2025 03:53 AM

Reply
Hi,

I wouldn't trust the X-Client-IP. I'd use X-Forwarded-For header and not match to the value directly. Create one rule that takes in all requests and then as the first action extract the header value. The value can then be passed on to the following conditional action that you can use to implement the IP specific logic. This gives more flexibility to your setup. In addition to the previous I'd suggest that you consult your network team and ensure that X-Forwarded-For is populated correctly by the firewall(s)/router(s)/etc. network stuff you have "in front" of your DataPower because unfortunately that might not always be the case.

------------------------------
Hermanni Pernaa
Solutions Architect
Digia Plc
Helsinki
------------------------------
3. RE: X-Client-IP Header based Processing Rule

Like
R K
Posted Fri February 21, 2025 10:21 AM

Reply
Thanks Hermanni for the reply, This is for a temporary Non Production setup. I have implemented the way you have suggested but I was curious why the Client IP was coming as NA when evaluating the processing rules but when we check or print it in the first action, the header value is populated.

------------------------------
R K
------------------------------

Original Message

DataPower

DataPower

X-Client-IP Header based Processing Rule

R KWed February 19, 2025 05:45 PM

Hermanni PernaaThu February 20, 2025 03:53 AM

R KFri February 21, 2025 10:21 AM

1. X-Client-IP Header based Processing Rule

2. RE: X-Client-IP Header based Processing Rule

3. RE: X-Client-IP Header based Processing Rule

Office

Community Links

IBM Links

DataPower

DataPower

X-Client-IP Header based Processing Rule

R KWed February 19, 2025 05:45 PM

Hermanni PernaaThu February 20, 2025 03:53 AM

R KFri February 21, 2025 10:21 AM

1. X-Client-IP Header based Processing Rule

2. RE: X-Client-IP Header based Processing Rule

3. RE: X-Client-IP Header based Processing Rule

Related Content

Simple attachment processing

DataPower: How to use password map aliases for safekeeping

How to scan attachments using an ICAP service

IBM DataPower Gateway Docker version control with Git

How to use Web Services Management Agent subscriptions

Office

Community Links

IBM Links