Forum Discussion
JimmyJose
Nimbostratus
Sep 18, 2016Appending/Including all IP addresses 'en route' within "X-Forwarded-for"
Hello,
We have our internal website published through our LTM. Users' traffic traverse the WAF [non-F5] before reaching the LTM.
Both WAF and LTM are configured to insert the X-Forwarded-fo...
Kai_Wilke
MVP
Sep 19, 2016Hi Jimmy,
to consolidate multiple occourences of
X-Forwarded-For headers, you may try the iRule below...
when HTTP_REQUEST {
if { [set x_forwarded [HTTP::header values "X-Forwarded-For"]] ne "" } then {
HTTP::header remove "X-Forwarded-For"
HTTP::header insert "X-Forwarded-For" "[join $x_forwarded ", "], [getfield [IP::client_addr] "%" 1]"
} else {
HTTP::header insert "X-Forwarded-For" "[getfield [IP::client_addr] "%" 1]"
}
}
The iRule will collect any existing
X-Forwarded-For header value, then remove any existing X-Forwarded-For header and finally create a new one with the collected values + the current "X-Forwarded-For" value. E.g.:
Incomming HTTP request headers
GET / HTTP/1.1
Host: site.domain.de
...
X-Forwarded-For: 1.1.1.1
X-Forwarded-For: 2.2.2.2, 3.3.3.3
X-Forwarded-For: 4.4.4.4
Outgoing HTTP request headers
GET / HTTP/1.1
Host: site.domain.de
...
X-Forwarded-For: 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5
Note: Make sure to disable the automatic X-Forwarded-For insert option in your HTTP profile. The insert will be already handled by this iRule...
Cheers, Kai
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects