Forum Discussion

Wasfi_Bounni's avatar
Wasfi_Bounni
Icon for Cirrocumulus rankCirrocumulus
May 12, 2021

How can I remove an X-Forwarded-For header from a malformed http datagram?

Hi;

 

I have a device "before the F5" that inserts an X-Forwarded-For (XFF) header into a http datagram. The datagram is originated from a user's browser set to point explicitly at a proxy, thus all TLS data will be encapsulated in a http datagram destined to port 8080. There is no issue for the initial "CONNECT" method datagram at all.

 

The issue is when this device inserts the XFF header in the subsequent client hello. The XFF header is inserted right at the end of the datagram, the F5 load balances it to the proxy and the proxy drops it as it cannot understand it.

 

My question is: how can I remove this XFF header to restore the original client hello into its original form.

 

Kindly

Wasfi

 

 

 

 

  • Why don't you try "HTTP::header remove <name>"?

     

    https://clouddocs.f5.com/api/irules/HTTP__header.html

     

     

     

    Still you may also look at /var/log/ltm and disable the "Enforcement" option in the http profile:

     

    https://support.f5.com/csp/article/K40243113

     

     

     

     

    Also just in case check the error message in the bug tracker:

     

    https://support.f5.com/csp/bug-tracker?sf189923893=1

  • Why don't you try "HTTP::header remove <name>"?

     

    https://clouddocs.f5.com/api/irules/HTTP__header.html

     

     

     

    Still you may also look at /var/log/ltm and disable the "Enforcement" option in the http profile:

     

    https://support.f5.com/csp/article/K40243113

     

     

     

     

    Also just in case check the error message in the bug tracker:

     

    https://support.f5.com/csp/bug-tracker?sf189923893=1