Add a custom "X-forwarded-for" header name

Question

Hello Everyone,Need an assistant to add custom http header name and value to insert XFF headers. The default name "X-forwarded-for" cannot understand by the client side. Example need to add name "HTTP_XFF" instead of default one which known by end node.Not sure whether this achived either irule or http profile. The irule used below wont help and client cannot see the custom header name.when HTTP_Request{HTTP::header remove X-forwarded-forHTTP::header insert HTTP_XFF [IP::client_addr]log local0."[IP::local_addr] XFF to: [IP::client_addr]"}---------&nbsp;Any suggestions would be appreciated. Thanks.&nbsp;

paulius · Answer

Nandhi You should be able to do this with an HTTP profile with XFF enabled and it should let you name it what you wish rather than using an iRule.

jrahm · Answer

Hi&nbsp;Nandhi,&nbsp;I am not able to get the profile suggestions by&nbsp;Paulius&nbsp;or&nbsp;zamroni777&nbsp;working in my local lab (happy to be told what I'm doing wrong!) but I am able to a) remove any existing X-Forwarded-For that arrives and b) insert new based on the requests client IP address both via iRule and local traffic policy. I find the traffic policy overly complicated as it requires Tcl anyway, so personally I'd use the iRule, but both solutions work.
iRule
&nbsp;
when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
        HTTP::header remove "X-Forwarded-For"
    }
    HTTP::header insert "X-Custom-XFF" [IP::client_addr]
}
&nbsp;
Policy
&nbsp;
ltm policy insert_custom_xff {
    last-modified 2024-01-10:15:50:09
    requires { http }
    rules {
        custom_xff {
            actions {
                0 {
                    http-header
                    insert
                    name X-Custom-XFF
                    value tcl:[IP::client_addr]
                }
            }
            ordinal 1
        }
        remove_std_xff {
            actions {
                0 {
                    http-header
                    remove
                    name X-Forwarded-For
                }
            }
        }
    }
    status published
    strategy all-match
}
&nbsp;
&nbsp;

zamroni777 · Answer

it's better to use gui based local traffic policy rather than irules to avoid scripting typo

https://community.f5.com/t5/technical-articles/to-irule-or-not-to-irule-introduction-to-local-traffic-policies/ta-p/279536

nandhi · Answer

Thanks Paulius &amp; Zamroni.The actual need is bit different. The end point expecting the header name "HTTP_XFF" with original client IP. By default, header name uses the string&nbsp;X-forwarded-for:&lt;client-ip&gt;The end point does not support "X-forwarded-for" and supported configuration is ,&lt;add key="LoadBalancerClientAddressHeader" Value="HTTP_XFF"/&gt;

paulius · Answer

Nandhi I'm not sure I am understanding your request. If you are looking to use an different X-Forwarded-For name you can use the field in "XFF Alternative Names" in the HTTP profile rather than using an iRule.

Forum Discussion

Add a custom "X-forwarded-for" header name

8 Replies

iRule

Policy

Recent Discussions

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

Related Content

Using "X-Forwarded-For" in Apache or PHP

Difference between "True client ip" and "X-Forwarded for"

custom response page for api

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

Re: F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP header