Forum Discussion

Lukasz_01_15307's avatar
Icon for Nimbostratus rankNimbostratus
Sep 16, 2016

f5 irules add headers

Hello, I'm trying to replace Nginx with f5, and I have a few headers I need to set in f5, but I'm not sure how... in nginx the config file looks like this:

  proxy_set_header X-Forwarded-Host       $host;
  proxy_set_header Host                   $http_host;
  proxy_set_header X-Real-IP              $remote_addr;
  proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto      $scheme;

Is there any way of replicating this in f5? I was hoping to do this through irule, as I alredy have an irule assigned to one VS that changes url and uri and passes it to corect node:

if { not (([HTTP::path] starts_with "/api/") or ([HTTP::path] starts_with "/auth") )} { return }
set apiType [lindex [split [HTTP::path] "/"] 2]
if {([HTTP::path] starts_with "/auth") }{
    set newSubdomain access.uat.
    HTTP::header replace "Host" [string map [list "api-uat." $newSubdomain ] [HTTP::host]]
    HTTP::path [string map [list "/api/$apiType" "/access"] [HTTP::path]]
    log local0. "New Path [HTTP::host][HTTP::path]"
    virtual keycloak_vs
    node 8080
} else {
    log local0. "api type $apiType"
    append newSubdomain $apiType .uat.
    log local0. "New Subdomain $newSubdomain"
    HTTP::header replace "Host" [string map [list "api-uat." $newSubdomain ] [HTTP::host]]
    HTTP::path [string map [list "/api/$apiType" "/api"] [HTTP::path]]
    log local0. "New Path [HTTP::host][HTTP::path]"
unset newSubdomain
unset apiType

not sure what else to include to make it clear.... The basic process is: user goes to f5 changes this to (user don't see this)

This takes user to the page with links, one of the links is "log in", and when user chooses it should go to
however for some reason URL in the browser is changed to
which is not accessible externally...

I'm guessing that the problem is with missing proxy headers like I have them in nginx (which doesn't get the same problem)

Hope this is clear enough 🙂

1 Reply

  • Hi, I think you need to rewrite the response to the reverse logic, so internal goes to external address.


    See this:


    Basically you would use a profile stream and HTTP_RESPONSE event, then rewrite the contents headers and body before to send to the end user.