How to rewrite the source IP address to a URL
- Jan 29, 2024
Your description of the scenario is not so clear. The client's IP address (source IP address) is located at Layer 3 (OSI model, IP address), but not in Layer 7 (HTTP header). Therefore you can't "Replace source IP address by URL/FQDN" (because the first is located at Layer 3 and the second at Layer 7 = HTTP header).
In general, modifying an HTTP header by iRule is described here: https://clouddocs.f5.com/api/irules/HTTP__header.html. You can use one of these:

```tcl
# replace
HTTP::header replace <name> [<string>]
# insert
HTTP::header insert <name> <value>
```

Read this and maybe it helps you understand your request...
"Normal" load-balancing TCP flow (in general HTTP) is "destination NAT":
- first TCP flow (client side): client -> VIP = IPclient -> VIP
- second TCP flow (server side): f5 -> pool member = IPclient -> IPserver
^^ as you can see, the destination IP address (VIP) is replaced with IPserver (it's destination NAT), but the source IP address (client's IP) is the same. That's normal behaviour.

When you need to "hide" the client's IP address (or in some special network topology cases) you have to use "source NAT" on the f5 device. In this case the TCP flow looks like this:
- first TCP flow (client side): client -> VIP = IPclient -> VIP
- second TCP flow (server side): f5 -> pool member = IPf5 -> IPserver
^^ in this case, the source address (client's IP) is "hidden"/replaced by another IP address (when you are using "auto map", the IP address is the self or (when an HA pair is configured) float IP address of the f5 device).

When you are using "source NAT" and you need to know the client's IP address on the server side, you can add the client's IP address (from Layer 3 of the OSI model) to the HTTP header (Layer 7) as the "XFF" (X-Forwarded-For) header value (https://en.wikipedia.org/wiki/X-Forwarded-For). For this case you can use an HTTP profile or an iRule as code (https://my.f5.com/manage/s/article/K4816). XFF by iRule example:

```tcl
when HTTP_REQUEST {
    HTTP::header insert X-Forwarded-For [IP::remote_addr]
}
```

And now back to your question: What is your request? What do you need to replace? Do you need to "hide" the client's real IP address?
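The server side of the source NAT plus XFF setup described above, as an added example that is not part of the original post or F5's code: a pool member recovers the client address only when the Layer 3 peer is the f5 device, and reads X-Forwarded-For from the right so a value sent by the client itself is ignored. The function names and all addresses (including the `10.0.0.5` SNAT address) are constructed assumptions.

```python
import ipaddress

# Assumption: the self/float IP the f5 uses as SNAT source toward the pool (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def is_trusted(addr):
    """True if addr is one of the load balancer's SNAT addresses."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_headers):
    """Return the address a pool member should log or apply ACLs to.

    peer_addr   -- source IP of the TCP connection (Layer 3)
    xff_headers -- every X-Forwarded-For header line, in received order (Layer 7)
    """
    # Peer is not the f5: the header is unauthenticated client input, ignore it.
    if not is_trusted(peer_addr):
        return peer_addr
    # A header may be repeated, and each line may hold a comma-separated list.
    hops = [h.strip() for line in xff_headers for h in line.split(",") if h.strip()]
    # The rightmost entry is the one added by the device that connected to us.
    # Walk right to left, skipping our own proxies; anything further left
    # could have been supplied by the client.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: fall back to the Layer 3 address
        if not is_trusted(hop):
            return hop
    return peer_addr


if __name__ == "__main__":
    # Constructed samples: (Layer 3 peer, X-Forwarded-For header lines)
    samples = [
        ("10.0.0.5", ["203.0.113.7"]),             # normal SNAT + XFF
        ("10.0.0.5", ["192.0.2.66", "203.0.113.7"]),  # client sent its own XFF line
        ("198.51.100.9", ["192.0.2.66"]),          # request bypassed the f5
    ]
    for peer, xff in samples:
        print(peer, xff, "->", client_ip(peer, xff))
```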
You're close, but use Host instead of client_addr and remove the quotes on the hostname.
The host header is based on "destination", not "source" as requested. I think the question is wrong (as I wrote in my other post here).
- Tofunmi (MVP), Jan 29, 2024
The replaced header in the iRule I suggested will replace the Host header, and the servers behind will see the request coming from the replaced Host, i.e. it will be the source for the server-side traffic.