Forum Discussion
gianluca_gozzi
Nimbostratus
Jan 04, 2010Monitoring node with npath routing
Hi Guys
I've this question regadin the node monitor with npath routing.
The configuration is
Vs 10.15.50.54:389
with fast L4 profile loose closed enabled. ...
A client wouldn't include a response header in a subsequent request, so the only time that header would exist is if the client injected it. You might actually want to remove any prior instance to ensure a malicious client couldn't forge the header.
If the VIP is defined on port 0, you might also want to drop any non-80 or non-443 traffic. You can also do the check once in CLIENT_ACCEPTED instead of on each HTTP request:
when CLIENT_ACCEPTED {
Check the requested port
switch [TCP::local_port] {
80 {
set proto http
}
443 {
set proto https
}
default {
Drop the request
drop
}
}
}
when HTTP_REQUEST {
Replace the X-Forwarded-Proto header if it exists
If it does not exist, a new instance will be inserted
HTTP::header replace X-Forwarded-Proto $proto
}
Aaron
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects