Forum Discussion

johnkrum_45755's avatar
johnkrum_45755
Icon for Nimbostratus rankNimbostratus
Mar 20, 2013

Check to see if XFF is present, if so don't insert XFF

External users hit a dns entry on a Netscaler in our dmz. That device inserts the XFF and then passes (pass through mode) the data to an F5 internal to our network. What we are looking to do is if th...
application delivery
dev
devops
irules
johnkrum_45755's avatar
johnkrum_45755
Icon for Nimbostratus rankNimbostratus
Mar 25, 2013
I was able to test

 

 

when HTTP_REQUEST {

 

insert XFF if it doesn't exist

 

if {not [HTTP::header exists "X-Forwarded-For"]} {

 

HTTP::header insert X-Forwarded-For [IP::client_addr]

 

}

 

}

 

 

today and if I look at the cookie I see both IP addresses inserted. 198.177.94.250 and 10.129.14.248

 

 

auroraSSO=266391041180ICONNECTEMPHAGA BILLY https://caregiverconnect.aurora.org198.177.94.250, 10.129.14.2481364235987888AdqO34nrlPBoHQNreOq+OepatfI=

 

 

Any adjustments that I can make to have get this to work?

 

To be more clear -

 

1) if the connection is internal to our network the request goes directly to the F5 vip and XFF is inserted

 

2) if the connection is external to our network the request hits a Netscaler which inserts the XFF and the connection is passed on to the F5 VIP

 

The iRule should see the XFF and not over write or insert a new one.

 

 

Thanks