Forum Discussion

Nimbostratus

Jul 11, 2025

irule for redirect and header injection

we have an application going through APM with AD authentication. A irule is applied to redirect it directly to backend server and is functioning. I need to insert "X-Authenticated-User" "true" to the...

application delivery

VishnuGatla

Cumulonimbus

Jul 11, 2025

Your iRule logic is correct for "inject header only if not redirecting." If you want the header to be present on requests that are redirected, that's not possible, redirects are handled by the client, not the backend. If you want the header on proxied requests, your iRule is correct.

Here is the irule

when HTTP_REQUEST {
if { ([HTTP::uri] equals "/app123") or ([HTTP::host] equals "app234.mydomain") } {
HTTP::redirect "https://your-backend-url.example.com"
return
}
HTTP::header replace "X-Authenticated-User" "true"
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

irule for redirect and header injection

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

F5 Send email and snmp trap from LTM log event

shame on f5

Dynamic import of data groups

ASM allow specific url from outside country of geolocation ON

AWAF Detection Inconsistency Between Similar Test Payloads

Related Content

LLM Prompt Injection Detection & Enforcement

Logging/Blocking possible prompt injection

Host header injection iRule

(HTTP) Redirection via Arbitrary Host Header

WAF evasion techniques for Command Injection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS