Forum Discussion
How to apply X-Forwarded-Proto https to specific client
We are migrating to a new set of web servers and I am wanting to re-use the existing F5 configuration, same WIP, VIPs, and SSL profile. I figured this would be as simple as creating a pool for the new servers, using an irule to redirect specific clients during the testing phase, and then changing the default pool when ready to go live.
The redirect is working as expected but some scripts are being blocked on the new home page. The existing VS is using an HTTP profile with the "Insert X-Forwarded-For" enabled but the web consultants are saying that an "X-Forwarded-Proto" "https" needs to be used.
I found lots of posts about how to implement the protocol forwarding but I don't want it to be applied to any clients outside of the testing group as they are still going to the old servers. I am probably over thinking this but is there a way to do that?
- iaineNacreous
Hi
Can you post a desensitised version of your current irule?
- Leonardo_SouzaCirrocumulus
See these pages, as they have all information about what you need:
https://devcentral.f5.com/wiki/irules.class.ashx
https://devcentral.f5.com/wiki/irules.http__header.ashx
You need a datagroup to define the users IPs for the new service, and to add the header. Something like this, not tested, just copied from those solutions:
when HTTP_REQUEST { if { [class match [IP::client_addr] equals "localusers_dg" ] } { HTTP::header insert "X-Forwarded-Proto" "https" } }
- CollumsNimbostratus
Here is the irule. The CLIENT_ACCEPTED part works perfect but the HTTP_REQUEST does not as I am still getting blocked content errors on the new site. I think the "Insert X-Forwarded-For" being enabled might be causing a problem but I cant remove it without breaking the current site.
when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals xx.xx.xx.xx] } { pool New_WWW_Pool } } when HTTP_REQUEST { HTTP::header insert "X-Forwarded-Proto" "https"; }
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com