Forum Discussion
BIG-IP add custom header
F5 BIG-IP LTM VE v11.4.0 on ESXi
I want to add a custom header to my request before rewriting to a backend server :
when HTTP_REQUEST {
HTTP::header insert uri-original [HTTP::uri]
...
HTTP::uri $rewrite_uri
pool backend-pool-01
}
However my tests do not show this header present.
Am I adding the header correctly ?
What are the rules around retaining added headers ?
How can I log all headers present in my request ?
UPDATE ( 2014-11-29 ) :
For case where iRule is assigned to a virtual-server with an http profile, I verified above TCL does add header as expected.
However, for https case, adding the header writes errors to the f5 logs :
Nov 14 22:03:03 f5-01 err bigd[6134]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure.
Nov 14 22:03:04 f5-01 err tmm1[8371]: 01220001:3: TCL error: /Common/xheader-irule-01 - Operation not supported (line 1) invoked from within "HTTP::header insert original-uri [HTTP::uri]"
16 Replies
cjuniorNacreous
if the backend is Linux, try:
tcpdump -i any -vvvs 0 -A | grep -e uri-original- Kevin_Stewart
Employee
There would be no case where the F5 would remove an incoming header, unless defined to do so. That would require either an iRule, or an HTTP profile "Request Header Erase" setting.
- nitass
Nov 14 22:03:04 f5-01 err tmm1[8371]: 01220001:3: TCL error: /Common/xheader-irule-01 - Operation not supported (line 1) invoked from within "HTTP::header insert original-uri [HTTP::uri]"
do you assign multiple irules to the virtual server? does action conflict each other?
- my virtual-server is assigned multiple i-rules but i believe a rewrite from an ssl to a non-ssl pool is causing the original-uri i-rule to be invoked twice. however what i find confusing is that elsewhere in the forums i've read that it's possible to add multiple headers with the same name to a request - and yet here adding a header that already exists throws an error
- nitassi do not think the error is caused by adding header name which exists. i think its action does conflict with another.
- could you please elaborate ? no further action is taken with the added header -- it is simply a header that is added server-side for use client-side
nitass_89166Noctilucent
Nov 14 22:03:04 f5-01 err tmm1[8371]: 01220001:3: TCL error: /Common/xheader-irule-01 - Operation not supported (line 1) invoked from within "HTTP::header insert original-uri [HTTP::uri]"
do you assign multiple irules to the virtual server? does action conflict each other?
- my virtual-server is assigned multiple i-rules but i believe a rewrite from an ssl to a non-ssl pool is causing the original-uri i-rule to be invoked twice. however what i find confusing is that elsewhere in the forums i've read that it's possible to add multiple headers with the same name to a request - and yet here adding a header that already exists throws an error
- nitass_89166i do not think the error is caused by adding header name which exists. i think its action does conflict with another.
- could you please elaborate ? no further action is taken with the added header -- it is simply a header that is added server-side for use client-side
- nitass
could you please elaborate ?
e.g.
configuration root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { rule1 rule2 } source 0.0.0.0/0 source-address-translation { type automap } vs-index 3 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule rule1 ltm rule rule1 { when HTTP_REQUEST priority 1 { HTTP::redirect "http://www.google.com" } } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule rule2 ltm rule rule2 { when HTTP_REQUEST priority 2 { HTTP::header insert test 1234 } } /var/log/ltm [root@ve11a:Active:In Sync] config tail -f /var/log/ltm Nov 23 22:21:35 ve11a err tmm1[14890]: 01220001:3: TCL error: /Common/rule2 - Operation not supported (line 1) invoked from within "HTTP::header insert test 1234"- so in your example an error is thrown because we attempt to add a header to a request for which a response has already been set ? however, in my case, my add header irule has priority 1 - it always fires first - so it would seem your example would not apply
- nitasswhat i want to show is the error is caused by conflicting in action (not the command itself). it is just an example because i do not know what you are doing in your another irule.
- nitass_89166
could you please elaborate ?
e.g.
configuration root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { rule1 rule2 } source 0.0.0.0/0 source-address-translation { type automap } vs-index 3 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule rule1 ltm rule rule1 { when HTTP_REQUEST priority 1 { HTTP::redirect "http://www.google.com" } } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule rule2 ltm rule rule2 { when HTTP_REQUEST priority 2 { HTTP::header insert test 1234 } } /var/log/ltm [root@ve11a:Active:In Sync] config tail -f /var/log/ltm Nov 23 22:21:35 ve11a err tmm1[14890]: 01220001:3: TCL error: /Common/rule2 - Operation not supported (line 1) invoked from within "HTTP::header insert test 1234"- so in your example an error is thrown because we attempt to add a header to a request for which a response has already been set ? however, in my case, my add header irule has priority 1 - it always fires first - so it would seem your example would not apply
- nitass_89166what i want to show is the error is caused by conflicting in action (not the command itself). it is just an example because i do not know what you are doing in your another irule.
