Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

AnupamG_354580's avatar
AnupamG_354580
Icon for Nimbostratus rankNimbostratus
7 years ago

authorization header are dropped

Hello Folks , i have two VIP configured , One for PROD and one for UAT . in UAT when i insert any authorization header it gets dropped but PROD is OK   Below are xforward configured . I want to u...
application delivery
irules
Faruk_AYDIN's avatar
Faruk_AYDIN
Icon for Altostratus rankAltostratus
7 years ago

Hi Guy,

1. There is some problems. In UAT, 
HTTP::header remove X-Forward-For
line may include misspelling. Correct version must be: 
HTTP::header remove X-Forwarded-For

2. In UAT, if X-Forwaded-For header exists, then new X-forwarded-for header is added. (In the if statement, 
HTTP::header insert X-Forwarded-For [IP::client_addr]
)

3.In UAT, and PROD if X-Forwaded-For header does not exist, then a X-forwarded-for header is added. (In the else statements, 
HTTP::header insert X-Forwarded-For [IP::client_addr]
)

4. In PROD if X-Forwaded-For header exists, then Client IP is added into the existing X-forwarded-for header . (In the if statement, 
HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]"
)