Forum Discussion

Sean_McGirk_859's avatar
Sean_McGirk_859
Icon for Nimbostratus rankNimbostratus
Aug 07, 2015

Insert x-forwarded-proto and x-forwarded-port - Is this the correct way to do it?

One of my application owners approached me with the need to insert both x-forwarded-proto and x-forwarded-port. I have this iRule ready but am looking for some feedback on the syntax. Will this inser...
application delivery
devops
iRules
LTM
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus

Hi,

In your irule, you add only one header, X-Forwarded-Proto or X-Forwarded-Port (else if statement).

Evaluate port 443 is not the best way to test if protocol is HTTPS. Evaluate SSL::mode instead.

Try the following irule.

when HTTP_REQUEST {
if { [SSL::mode] == 1 } {
    if {!( [HTTP::header "X-Forwarded-Proto"] eq "https") }{
        HTTP::header insert X-Forwarded-Proto "https"
    }
    if { !( [HTTP::header exists "X-Forwarded-Port"]) }{
        HTTP::header insert X-Forwarded-Port [TCP::local_port]
    }
}
prvndeshmukh25's avatar
prvndeshmukh25
Icon for Nimbostratus rankNimbostratus
Mar 10, 2023

Getting an error about 

01070151:3: Rule [/Common/x-Forwarded-Proto] error: /Common/x-Forwarded-Proto:2: error: [undefined procedure: ssl::mode][ssl::mode]

  • PSFletchTheTek's avatar
    PSFletchTheTek
    Icon for MVP rankMVP
    Mar 10, 2023

    Are you decrypting on the way in?
    So you have a client ssl profile set? and more importantly the f5 can see the request coming in so it can add the header? To me its trying at add the header but ssl/encryption is in the way.

    • prvndeshmukh25's avatar
      prvndeshmukh25
      Icon for Nimbostratus rankNimbostratus
      Mar 10, 2023

      Actaully instead of client ssl, trying iRule configuration as per script given above but getting an error which shared earlier..