I have changed my rule a little and got it to work.
when HTTP_REQUEST {
if { ([string tolower [HTTP::uri]] starts_with "/testingpage") } {
Parse the client IP from the CDN header
set client_ip [HTTP::header value "Client-IP"]
if { $client_ip eq "" }{
The header was empty/did not exist, so use the actual client IP
set client_ip [IP::client_addr]
}
switch [whereis $client_ip abbrev] {
"NJ" -
"ID" {
HTTP::respond 200 content "Your IP IS from NJ or ID"
}
default {
set state [whereis $client_ip abbrev]
log local0. "Lowercase state is $client_ip"
HTTP::respond 200 content "Your IP IS NOT NJ or ID you is $state"
}
}
}
}
but I found a new issue, that is that I have a front end with imperva for security, the $client_ip always comes back with their IP. its like a huge proxy... but on my webserver I do see the client IPs using xforward...so Im not sure what to do.