For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

danielng_19608's avatar
danielng_19608
Icon for Nimbostratus rankNimbostratus
Apr 28, 2009

Customizing X-Forwarded-For certain websites

Hi all,     currently my setup is to enable X-Forwarded for all traffic that is hitting the Internet.     What i would like to do is to NOT enable X-Forwarded when accessing cer...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Apr 28, 2009
If you want to inspect/modify the HTTP content, you need to add an HTTP profile to the virtual server. You would also need to move the logic to the HTTP_REQUEST event where the HTTP headers have been parsed by TMM. And assuming you have a pool on the VS, you could remove the forward statements and just use a single if: 

  
 when CLIENT_ACCEPTED { 
  
     Check if client IP isn't part of trusted addresses datagroup  
    if { [matchclass [IP::client_addr] equals $::trustedAddresses] }{  
       set insertXff 0  
    } else {  
       set insertXff 1  
    }  
 } 
 when HTTP_REQUEST {  
  
     Check if we're inserting an XFF for this connection  
    if { $insertXff}{  
  
        Remove existing XFF headers  
       HTTP::header remove X-Forwarded-For   
  
        Insert new XFF header  
       HTTP::header insert X-Forwarded-For [IP::remote_addr]   
    }  
 }

Aaron