Forum Discussion
Sean_McGirk_859
Nimbostratus
NimbostratusInsert x-forwarded-proto and x-forwarded-port - Is this the correct way to do it?
One of my application owners approached me with the need to insert both x-forwarded-proto and x-forwarded-port. I have this iRule ready but am looking for some feedback on the syntax. Will this insert both? Thanks!
when HTTP_REQUEST { if {([TCP::local_port] ==443) and !( [HTTP::header "X-Forwarded-Proto"] eq "https") }{
HTTP::header insert X-Forwarded-Proto "https" }elseif {([TCP::local_port] ==443) and !( [HTTP::header "X-Forwarded-Port"] eq "443") }{
HTTP::header insert X-Forwarded-Port "443" }
}
Mohamed_LrhaziAltocumulus
Why are you testing for the port? That not known in advance? and why does it matter ? why are you testing for the header presence? who would have inserted it? Just curious!
https://devcentral.f5.com/wiki/irules.HTTP__header.ashx
Stanislas_Piro2Cumulonimbus
Hi,
In your irule, you add only one header, X-Forwarded-Proto or X-Forwarded-Port (else if statement).
Evaluate port 443 is not the best way to test if protocol is HTTPS. Evaluate SSL::mode instead.
Try the following irule.
when HTTP_REQUEST { if { [SSL::mode] == 1 } { if {!( [HTTP::header "X-Forwarded-Proto"] eq "https") }{ HTTP::header insert X-Forwarded-Proto "https" } if { !( [HTTP::header exists "X-Forwarded-Port"]) }{ HTTP::header insert X-Forwarded-Port [TCP::local_port] } }
prvndeshmukh25Getting an error about
01070151:3: Rule [/Common/x-Forwarded-Proto] error: /Common/x-Forwarded-Proto:2: error: [undefined procedure: ssl::mode][ssl::mode]
Are you decrypting on the way in?
So you have a client ssl profile set? and more importantly the f5 can see the request coming in so it can add the header? To me its trying at add the header but ssl/encryption is in the way.
