For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

AnupamG_354580's avatar
AnupamG_354580
Icon for Nimbostratus rankNimbostratus
Jul 09, 2018

authorization header are dropped

Hello Folks , i have two VIP configured , One for PROD and one for UAT . in UAT when i insert any authorization header it gets dropped but PROD is OK   Below are xforward configured . I want to u...
application delivery
iRules
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Jul 09, 2018

Hi,

to sum UP:

In UAT if "X-Forwarded-For" exist you add an additional value using this command (and even if this header don't exist you insert X-Forwarded-For header in else condition):

HTTP::header insert X-Forwarded-For [IP::client_addr]

In production you check if "X-Forwarded-For" header exist, if yes you replace value by:

HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]"

but you made a mistake you forget values in command:

HTTP::header replace X-Forwarded-For "[HTTP::header values X-Forwarded-For][IP::client_addr]"

So modify text your irule production by:

when HTTP_REQUEST { 
if {[HTTP::header exists X-Forwarded-For]}{
    HTTP::header replace X-Forwarded-For "[HTTP::header values X-Forwarded-For], [IP::client_addr]" 
} else { 
HTTP::header insert X-Forwarded-For [IP::client_addr] 
}

Keep me update.

regards