How to convert Cisco ACE header rewrites to F5
How to write the iRule for the following:
    action-list type modify http HTTPS_REWRITE
      header insert both WL-Proxy-Client-IP header-value "%is"
      header insert both X-Forwarded-For header-value "%is"
      header insert both X-Forwarded-SRC_Port header-value "%ps"
      header insert request X-Forwarded-DEST_IP header-value "%id"
      header insert request X-Forwarded-DEST_Port header-value "%pd"
      header insert response Set-Cookie header-value "DWP-SLB-Session=%is:%ps:%id:%pd; path=/"
      header insert both WL-Proxy-SSL header-value "True"
      header rewrite response Location header-value "http:(.)" replace "https:%1"
      ssl url rewrite location "."
1 Reply
Hi Ckato,
you may use the iRule below as a starting point...
    when HTTP_REQUEST {

        # Sanitize every instance of the given headers before inserting (the most secure way)
        HTTP::header remove WL-Proxy-Client-IP
        HTTP::header remove WL-Proxy-SSL
        HTTP::header remove X-Forwarded-For
        HTTP::header remove X-Forwarded-SRC_Port
        HTTP::header remove X-Forwarded-DEST_IP
        HTTP::header remove X-Forwarded-DEST_Port

        # Inserts the additional inbound headers
        HTTP::header insert WL-Proxy-Client-IP [IP::client_addr]
        HTTP::header insert WL-Proxy-SSL True
        HTTP::header insert X-Forwarded-For [IP::client_addr]
        HTTP::header insert X-Forwarded-SRC_Port [TCP::client_port]
        HTTP::header insert X-Forwarded-DEST_IP [IP::local_addr]
        HTTP::header insert X-Forwarded-DEST_Port [TCP::local_port]

    }
    when HTTP_RESPONSE {

        # Inserts the additional outbound headers
        HTTP::header insert WL-Proxy-Client-IP [IP::client_addr]      ;# is this really a requirement?
        HTTP::header insert WL-Proxy-SSL True                         ;# is this really a requirement?
        HTTP::header insert X-Forwarded-For [IP::client_addr]         ;# is this really a requirement?
        HTTP::header insert X-Forwarded-SRC_Port [TCP::client_port]   ;# is this really a requirement?

        # Inserts the additional cookie
        # HTTP_RESPONSE runs in the server-side context, so the virtual server address and port
        # (ACE %id and %pd) are read through "clientside" instead of the server-side connection
        HTTP::header insert Set-Cookie "DWP-SLB-Session=[IP::client_addr]:[TCP::client_port]:[clientside {IP::local_addr}]:[clientside {TCP::local_port}]; path=/"

        # Rewriting the location headers
        if { [HTTP::header value Location] starts_with "http://" } then {
            HTTP::header replace Location "https[string range [HTTP::header value Location] 4 end]"
        }

    }

For further information on the HTTP::header command take a look at... https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx?lc=1
Note: The X-Forwarded-For header insert could be done using the HTTP profile, too. But I included it for streamlined configuration...
Note2: Review your response headers. I dunno why you insert all the IP addresses into every response. What's the intention behind it?
Note3: The Set-Cookie could be tuned with an additional "Secure" and "HttpOnly" flag, so that the cookie could be accessed by browsers-only while using HTTPS-only.
Cheers, Kai
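
An added example, not part of Kai's reply: a Python check to run over raw messages captured behind and in front of the virtual server after the migration, confirming that each header the iRule owns arrives exactly once (a second copy means a client-supplied value survived) and that responses carry a rewritten Location and the cookie flags mentioned in Note3. The function names are hypothetical, and the sample messages and addresses are constructed.

```python
from collections import defaultdict

# Header names the iRule in this thread is expected to own on requests.
MANAGED = ["WL-Proxy-Client-IP", "WL-Proxy-SSL", "X-Forwarded-For",
           "X-Forwarded-SRC_Port", "X-Forwarded-DEST_IP", "X-Forwarded-DEST_Port"]

def parse_headers(raw):
    """Return {lowercased name: [values]} from the head of a raw HTTP message."""
    headers = defaultdict(list)
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    for line in head.split("\n")[1:]:  # skip the request/status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()].append(value.strip())
    return headers

def audit_request(raw, expected):
    """Findings for a request as captured on the pool member."""
    seen, findings = parse_headers(raw), []
    for name in MANAGED:
        values = seen.get(name.lower(), [])
        if len(values) != 1:  # 2+ means a client-supplied copy survived
            findings.append(f"{name}: {len(values)} instances, expected 1")
        elif name in expected and values[0] != expected[name]:
            findings.append(f"{name}: {values[0]!r} != {expected[name]!r}")
    return findings

def audit_response(raw):
    """Findings for a response as captured on the client side of the VIP."""
    seen, findings = parse_headers(raw), []
    for loc in seen.get("location", []):
        if loc.lower().startswith("http://"):
            findings.append(f"Location not rewritten: {loc}")
    for cookie in seen.get("set-cookie", []):
        if cookie.startswith("DWP-SLB-Session="):
            attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
            findings += [f"DWP-SLB-Session missing {flag}"
                         for flag in ("secure", "httponly") if flag not in attrs]
    return findings

# Constructed samples using documentation addresses, not real captures.
EXPECTED = {"X-Forwarded-For": "203.0.113.7", "X-Forwarded-DEST_Port": "443"}
OWNED = ("WL-Proxy-Client-IP: 203.0.113.7\r\nWL-Proxy-SSL: True\r\n"
         "X-Forwarded-For: 203.0.113.7\r\nX-Forwarded-SRC_Port: 51514\r\n"
         "X-Forwarded-DEST_IP: 198.51.100.10\r\nX-Forwarded-DEST_Port: 443\r\n\r\n")
CLEAN = "GET / HTTP/1.1\r\nHost: app.example\r\n" + OWNED
SPOOFED = "GET / HTTP/1.1\r\nHost: app.example\r\nX-Forwarded-For: 10.0.0.1\r\n" + OWNED
RESPONSE = ("HTTP/1.1 302 Found\r\nLocation: https://app.example/login\r\n"
            "Set-Cookie: DWP-SLB-Session=203.0.113.7:51514:198.51.100.10:443; path=/\r\n\r\n")
```

An empty list from either function means the captured message matches what the iRule is meant to produce.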