For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ayush07's avatar
Ayush07
Icon for Altostratus rankAltostratus
Jul 05, 2019

How to enable X-Forwarded-Host ?

X-Forwarded-For  XFF i am aware that we enable it in custom http profile to insert client IP but looking   to enable X-Forwarded-Host XFH as well, kindly please advise. Thank you
application delivery
LTM

3 Replies

  • Dario_Garrido's avatar
    Dario_Garrido
    Icon for Noctilucent rankNoctilucent
    Jul 05, 2019

    Try with this iRule ->

    https://devcentral.f5.com/s/articles/http-forwarded-header-injection-1083

    KR,

    Dario.

  • Juraj's avatar
    Juraj
    Icon for Cirrus rankCirrus
    Jul 07, 2019

    The following is part of my baseline HTTP iRule:

    when HTTP_REQUEST {
 
	# Remove untrusted HTTP X-Forwarded headers
	# from HTTP requests and set our own:
	#
	# - X-Forwarded-For
	# - X-Forwarded-Host
	# - X-Forwarded-Port
	# - X-Forwarded-Proto
	# - X-Real-IP
	#
 
	#  X-Forwarded headers clean-up
	#
	HTTP::header remove X-Forwarded-For
	HTTP::header remove X-Forwarded-Host
	HTTP::header remove X-Forwarded-Port
	HTTP::header remove X-Forwarded-Proto
	HTTP::header remove X-Real-IP
 
	# Set our own X-Forwarded and X-Real-IP headers
 
	# X-FORWARDED-FOR and X-REAL-IP
	#
	HTTP::header insert X-Forwarded-For [IP::client_addr]
	HTTP::header insert X-Real-IP [IP::client_addr]
 
	# X-FORWARDED-HOST
	#
	if { [HTTP::host] ne "" } {
		HTTP::header insert X-Forwarded-Host [HTTP::host]
	} else {
	    HTTP::header insert X-Forwarded-Host [clientside {IP::local_addr}]
	}
 
	# X-FORWARDED-PORT
	#
	HTTP::header insert X-Forwarded-Port [TCP::local_port]
 
	# X-FORWARDED-PROTO
	#
	if { [PROFILE::exists clientssl] == 1 } {
		HTTP::header insert X-Forwarded-Proto "https"
	} else {
		HTTP::header insert X-Forwarded-Proto "http"
	}
}