For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JimmyJose's avatar
JimmyJose
Icon for Nimbostratus rankNimbostratus
Sep 18, 2016

Appending/Including all IP addresses 'en route' within "X-Forwarded-for"

Hello,   We have our internal website published through our LTM. Users' traffic traverse the WAF [non-F5] before reaching the LTM.   Both WAF and LTM are configured to insert the X-Forwarded-fo...
application delivery
iRules
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Sep 19, 2016

Hi Jimmy,

to consolidate multiple occourences of 

X-Forwarded-For
headers, you may try the iRule below...

when HTTP_REQUEST {
    if { [set x_forwarded [HTTP::header values "X-Forwarded-For"]] ne "" } then {
        HTTP::header remove "X-Forwarded-For" 
        HTTP::header insert "X-Forwarded-For" "[join $x_forwarded ", "], [getfield [IP::client_addr] "%" 1]"
    } else {
        HTTP::header insert "X-Forwarded-For" "[getfield [IP::client_addr] "%" 1]"
    }
}

The iRule will collect any existing 

X-Forwarded-For
header value, then remove any existing 
X-Forwarded-For
header and finally create a new one with the collected values + the current "X-Forwarded-For" value. E.g.:

Incomming HTTP request headers

GET / HTTP/1.1  
Host: site.domain.de  
... 
X-Forwarded-For: 1.1.1.1  
X-Forwarded-For: 2.2.2.2, 3.3.3.3
X-Forwarded-For: 4.4.4.4

Outgoing HTTP request headers

GET / HTTP/1.1  
Host: site.domain.de  
... 
X-Forwarded-For: 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5

Note: Make sure to disable the automatic X-Forwarded-For insert option in your HTTP profile. The insert will be already handled by this iRule...

Cheers, Kai