Forum Discussion
Ganesh_Garg
Nimbostratus
NimbostratusActual Client IP and Proxy IP in X-Forwarded-For
We have a setup where clients are behind proxy and proxy is the src-ip for LTM, we have enabled X-Forwarded-For and we are getting Proxy-IP in the header, but now the requirement is to have actual cl...
Kai_Wilke
MVP
MVPHi Ganesh,
to consolidate multiple occourences of
X-Forwarded-Forwhen HTTP_REQUEST {
if { [set x_forwarded [HTTP::header values "X-Forwarded-For"]] ne "" } then {
HTTP::header remove "X-Forwarded-For"
HTTP::header insert "X-Forwarded-For" "[join $x_forwarded ", "], [getfield [IP::client_addr] "%" 1]"
} else {
HTTP::header insert "X-Forwarded-For" "[getfield [IP::client_addr] "%" 1]"
}
}
The iRule will collect any existing X-Forwarded-For header values, then remove any existing X-Forwarded-For headers and finally create a new one with the collected values + the current "X-Forwarded-For" value. E.g.:
Incomming HTTP request headers
GET / HTTP/1.1
Host: site.domain.de
...
X-Forwarded-For: 1.1.1.1
X-Forwarded-For: 2.2.2.2, 3.3.3.3
X-Forwarded-For: 4.4.4.4
Outgoing HTTP request headers
GET / HTTP/1.1
Host: site.domain.de
...
X-Forwarded-For: 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5
Note: Make sure to disable the automatic X-Forwarded-For insert option in your HTTP profile. The insert will be already handled by this iRule...
Cheers, Kai
