Forum Discussion
lttarvina
Cirrus
CirrusDeployment of X-forwarder on all VIP
The X-Forwarded-For (XFF) HTTP header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. To enable the...
Daniel_Wolf
MVP
MVPHi lttarvina,
first read this: K4816 - Enabling the Insert X-Forwarded-For option in the HTTP profile
lets say all your virtuals have the default http profile, named http. And, following the process described above, you create a new profile called pr_http_xff. This command should replace the profile called http with your new profile pr_http_xff on all virtuals.
tmsh list ltm virtual one-line | grep "profiles.*\ http\ " | awk '{ print $3 }' | xargs -I vs_name tmsh modify ltm virtual vs_name profiles add { pr_http_xff } profiles delete { http http }This is the same what boneyard suggests, but not for one but for many virtuals.
I took this from my notes and didn't test it in my lab. Therefore: handle with care.
If you have DSC cluster, run on the standby unit and sync. If you have a test environment, test it there.
KR
Daniel
isg-ss3
Nimbostratus
NimbostratusHi, and thank you for the given commands below:
tmsh list ltm virtual one-line | grep "profiles.*\ http\ " | awk '{ print $3 }' | xargs -I vs_name
tmsh modify ltm virtual vs_name profiles add { pr_http_xff } profiles delete { http http }
I tried the first command in my lab, and no output has been shown. I replaced the vs_name with a specific name of a VS, and still no output has been shown. However, when I entered "tmsh list ltm virtual one-line," I got the following output:
I just thought that maybe it's only happening in the lab and not on the actual appliance. My question is: will the first command output all VS, and can the script be edited using the second command, where all VS can be modified?
Thanks.
- Daniel_Wolf
First of all, this is all one command in one single line. Not two commands. No let's dissect this command into its parts.
tmsh list ltm virtual one-line | grep "profiles.*\ http\ "The above will list ALL virtuals that have the default http profile called http, one line per VS. That's what grep does.
tmsh list ltm virtual one-line | grep "profiles.*\ http\ " | awk '{ print $3 }'This will do the same, but it will print only the third ($3) field from output of the previous command - which is the VS name. That's what awk does.
tmsh list ltm virtual one-line | grep "profiles.*\ http\ " | awk '{ print $3 }' | xargs -I vs_name tmsh mod ltm virtual vs_name profiles add { pr_http } profiles delete { http http }Now this will take the output from awk, the virtual server name, and use them as argument for the tmsh modify. That's what xargs -I vs_name does. It puts the virtual server name into the variable vs_name which I later use in tmsh modify.
And with tmsh modify I add the new http profile and delete the old one.
This last and very long command will not show any output at the end, it will run with no message like "Success" or "Completed".
lttarvinaThanks, Daniel. This is very helpful. I have one more question. How can we check or ensure that the new HTTP profile has been added or applied to each virtual server? Is there a specific command for it, or could it be seen already in the "tmsh list virtual vs_name" command?
Thanks.
- Daniel_Wolf
You could either run this
tmsh list ltm virtual one-line | grep "profiles.*\ new_http_profile_name\ "or just compare before and after:
tmsh list ltm virtual one-line | grep "profiles.*\ old_http_profile_name\ " | wc -l
tmsh list ltm virtual one-line | grep "profiles.*\ new_http_profile_name\ " | wc -lwc -l shows you the amount of lines returned matching the criteria you are grepping for. The count should be the same.