Capture X-Forwarded-For header for iptables
I'm looking to block certain IPs on Linux web servers matching specific criteria. These web servers are behind a load balancer that's configured to operate in reverse proxy mode.
A tcpdump of port 80 traffic shows the traffic originating from the load balancer's IP, because of which I'm not able to block the actual client IP the traffic originates from. The Apache logs show me the client IPs since XFF info is captured. Any method to cause iptables to capture the actual XFF IP through some match string?
My script picks up the actual client IPs from a DB, but since the actual IPs are substituted with the load balancer's IP in packet capture, the iptables rules are ineffective :(
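
An added example, not part of the original post: a shell sketch that turns a list of client IPs into iptables `string`-match rules keyed on the header text, printing the rules instead of applying them. The function names are hypothetical, and it assumes plaintext HTTP on port 80, a load balancer that writes the header exactly as `X-Forwarded-For: <ip>` with a single value, and a header that arrives in a packet netfilter inspects.

```shell
#!/bin/sh
# Added example: hypothetical helpers, rules are printed and never applied.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one rule for one address. The |0d0a| suffix is the CRLF that ends
# the header line, so 192.0.2.1 does not also match 192.0.2.10.
# Assumption: the load balancer emits the header name with this exact casing.
xff_rule() {
    if ! is_ipv4 "$1"; then
        echo "skip invalid address: $1" >&2
        return 1
    fi
    printf 'iptables -I INPUT -p tcp --dport 80 -m string --algo bm --hex-string "X-Forwarded-For: %s|0d0a|" -j DROP\n' "$1"
}

# Read addresses on stdin (one per line, e.g. exported from the DB) and
# print a rule for each valid one; invalid lines are reported on stderr.
xff_rules() {
    while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        xff_rule "$ip" || true
    done
}

# Constructed sample input (documentation address ranges):
# printf '192.0.2.1\n198.51.100.7\n' | xff_rules
```

A rule of this kind only sees unencrypted requests, and a client can send its own `X-Forwarded-For` value. If the load balancer reuses backend connections across clients, a dropped packet stalls that shared connection rather than one client, so denying the address at the load balancer or in Apache is the sturdier control.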