Forum Discussion
breasoner_11658
Nimbostratus
NimbostratusInserting WL-Proxy-SSL header via iRule
Hello -
I have an application that is a bit strange in the sense that certain pages require the "WL-Proxy-SSL: true" request header to display all elements on the page via SSL, but other pages on the site won't load with that header inserted. I am able to selectively remove the request header for the elements that won't use it, but there are about 25 of them as opposed to 4 elements that need the header. I have read everything that I can find regarding the HTTP::header insert string, but it just doesn't work for me. I'm running BIG-IP version 10.2.0 HF2. According to everything I've read, this should work! What am I missing?
Below is an excerpt of the current iRule:
Portal context
set portal_uri "/portal"
Layouts context
set layouts_uri "/_layouts"
Set Header information
set WLheader "WL-Proxy-SSL"
set WLheaderVal "true"
Retrieve the list of pools from the data group list
set clientPoolList [ findclass $host $DATA_GROUP_LIST " " ]
Route requests to Portal.
if { $uri starts_with $portal_uri }{
HTTP::header insert $WLheader $WLheaderVal
Identify the Portal pool
set portal_pool [getfield $clientPoolList " " 3]
log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri"
pool $portal_pool
return
} elseif { $uri starts_with $layouts_uri }{
HTTP::header insert $WLheader $WLheaderVal
log local0. "Inserting $WLheader: [HTTP::header value $WLheader]"
Identify the Portal pool
set portal_pool [getfield $clientPoolList " " 3]
log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri"
pool $portal_pool
return
15 Replies
hoolioCirrostratus
As Joe said, your logs from the iRule show the value of the header. This log line:
log local0. "Inserting $WLheader: [HTTP::header value $WLheader]"
Logs the name and value:
Mar 2 14:55:11 local/tmm info tmm[5150]: Rule QA-Portal-Shared-IP-plus-Jasper < HTTP_REQUEST >: Inserting WL-Proxy-SSL: true
So can you clarify what the issue is? Is it that the other header logging rule doesn't show the header? If so, can you either make sure the logging rule is ordered after the rule which is doing the insert on the virtual server's resources tab? Or you can specify a priority for the logging rule to force it to run after the header insert rule.
https://devcentral.f5.com/wiki/iRules.priority.ashx
Aaron
breasoner_11658I made sure the the logging rule is ordered last. The header isn't getting inserted. I think the only reason that the log entry is showing up in the logging for the irule is because I am foring it to show up in the log.- hoolioIt might be faster to open a support case on this so they can review the full virtual server definition and each iRule assigned. That said...
If you log 'Inserting $WLheader: [HTTP::header value $WLheader]' and it shows the value 'true' that means the header has been inserted in the request which is sent to the pool member.
How are you determining that the header isn't being inserted if the logging iRule shows the value? Are you checking a tcpdump of the serverside traffic, checking server logs or something else? A tcpdump of the serverside traffic should prove this out conclusively.
Aaron - breasoner_11658OK, so the mystery has been solved. As it turns out, I needed to insert the header in one additional place:
Route WFM requests to 3G Pool } elseif { $uri starts_with $wfm3g_wfm_uri }{ HTTP::header insert $WLheader $WLheaderVal log local0. "Inserting $WLheader: [HTTP::header value $WLheader]" set wfm3g_pool [getfield $clientPoolList " " 1] log local0.notice "Forwarding to WFM3G pool: $wfm3g_pool. Uri: $uri" pool $wfm3g_pool return
So the reason that I wasn't seeing the header inserted in the other sections is that they weren't actually getting loaded since the header wasn't getting inserted in this section.
Thanks for all of the help guys, it is much appreciated. Sorry if I wasted anyone's time.
Brian. - hoolioNice work in figuring this out. I was confused by the symptoms :)
Aaron
