Forum Discussion

KOR_124005's avatar
KOR_124005
Icon for Nimbostratus rankNimbostratus
Mar 05, 2014

How to setup X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT ?

Hi All, Hope you are fine.   please need you Help,   i have problem,   when i activate the google proxy is the IP of the proxy that replaces the customer address   i tested the proxy wit...
application delivery
citrix
cloud
LTM
microsoft
oracle
vmware
nitass's avatar
nitass
Icon for Employee rankEmployee

e.g.

 config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 2
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  if { [scan [HTTP::header Forwarded] {for=%s} ip] == 1 } {
    HTTP::header remove X-forwarded-for
    HTTP::header insert X-forwarded-for $ip
  }
}
}

 trace

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(60325) <-> 172.28.24.10(80)
1397563493.0008 (0.0022)  C>S
---------------------------------------------------------------
GET / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
Forwarded: for=1.2.3.4

---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(60325) <-> 200.200.200.101(80)
1397563493.0028 (0.0018)  C>S
---------------------------------------------------------------
GET / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
Forwarded: for=1.2.3.4
X-forwarded-for: 1.2.3.4

---------------------------------------------------------------
KOR_124005's avatar
KOR_124005
Icon for Nimbostratus rankNimbostratus
Apr 20, 2014
Hi nitass, many thnaks for your replay after having applied the irule as you can see the field is replace by @ IP Proxy googel. Forwarded: for=105.235.128.137 >>>> 3G Costumer Scheme: http Via: 1.1 Chrome Compression Proxy X-Psa-Client-Features: bypass,safebrowsing X-Psa-Client-Options: webp-enable User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) CriOS/33.0.1750.21 Mobile/11D169 Safari/9537.53 X-BIGIP-CALLING-IP: 66.249.93.10 >>>> Proxy Google X-Forwarded-For: 66.249.93.10, 192.168.101.54 X-Varnish: 851995049 Many thanks for your help Br,