Forum Discussion

raytoles_75680's avatar
raytoles_75680
Icon for Nimbostratus rankNimbostratus
Dec 03, 2009

Header Insert of "http" or "https"

We're going to implement a virtual server to handle HTTP and HTTPS requests. The developers need us to insert the protocol into the header. We're still new to irules and I constantly fear performanc...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 04, 2009
A client wouldn't include a response header in a subsequent request, so the only time that header would exist is if the client injected it. You might actually want to remove any prior instance to ensure a malicious client couldn't forge the header.

If the VIP is defined on port 0, you might also want to drop any non-80 or non-443 traffic. You can also do the check once in CLIENT_ACCEPTED instead of on each HTTP request: 

 
 when CLIENT_ACCEPTED { 
  
     Check the requested port 
    switch [TCP::local_port] { 
       80 { 
          set proto http 
       } 
       443 { 
          set proto https 
       } 
       default { 
           Drop the request 
  drop 
       } 
    } 
 } 
 when HTTP_REQUEST { 
  
     Replace the X-Forwarded-Proto header if it exists 
      If it does not exist, a new instance will be inserted 
    HTTP::header replace X-Forwarded-Proto $proto 
 }

Aaron