Forum Discussion

MSK_222682's avatar
MSK_222682
Icon for Nimbostratus rankNimbostratus
Jul 04, 2016

Differentiating the connections based on headers || HTTP Profile

Hi,

I have a scenario wherein the app team wants to publish an application both to external and internal (intranet). However, the requirement from them is to check on BIG IP to leverage HTTP profile (or iRule) to segregate between external and internal users. 

They want to have something like 
http profile = abc.com_external implies external user 
http profile = abc.com_internal implies internal user 

Now, below is the traffic flow for both scenarios,

External 
End user >>> External BIGIP >>> Internal BIGIP >>> Backend Servers 

Internal
End user >>>> Internal BIGIP >>> Backend Servers

So, the only difference basically is that for external connections the internal BIGIP would see the source as the external BIGIP. Now, my approach is if we can insert something in the header on external BIGIP and monitor for it on the internal BIGIP then we could differentiate between external and internal users. Internal connections would be parsed as normal. Therefore, at the app level on backend servers they could differentiate between external connections by monitoring the newly added header.

Not sure if this could be achievable but would be great if you could provide some help and thoughts.

Br,
MSK
application delivery
header insert
http 1.1
http header
http profile
iRules
LTM
  • Vijay_E's avatar
    Vijay_E
    Icon for Cirrus rankCirrus
    Jul 04, 2016

    Something like this in the "External BigIP" would be able to achieve what you are looking for:

    when HTTP_REQUEST {
     HTTP::header insert "X-Origin" "External BigIP"
}