iRule for Swapping XFF with Something Custom(Microsoft)

Question

What is the syntax for a simple iRule that takes a standard X-Forwarded-For header and rewrites it to a different header name. I have a WAF in front of an LTM, which is in front of an ADFS Proxy environment, which does not use the XFF header, but uses instead "X-MS-Forwarded-Client-IP". The WAF will send a standard XFF header, but then I need the f5 to rewrite it to something the ADFS Proxies can parse.

Example, f5 will receive:

X-Forwarded-For: 1.1.1.1

I then want the f5 to rewrite to:

X-MS-Forwarded-Client-IP: 1.1.1.1

Thanks all in advance for your help!

wralon · Answer

I have tried the following, but it does not seem to be working....

when HTTP_REQUEST {

if {[HTTP::header exists X-Forwarded-For]}{

HTTP::header insert X-MS-Forwarded-Client-IP [HTTP::header X-Forwarded-For]

} else {

HTTP::header insert X-MS-Forwarded-Client-IP [IP::client_addr]

}

ryank5589 · Answer

Hey, I was wondering if there was ever a resolution to this issue? I am also running into the same issue where I need to see the X-MS-Forwarded-Client-IP due to the traffic going to the ADFS proxy environment and it not being able to accept the XFF.

Forum Discussion

iRule for Swapping XFF with Something Custom(Microsoft)

Recent Discussions

BIG-IP Oauth Client and AS

F5 BOT DEFENSE AWAF blocked some legitimate browsers

Advice to partial rename uri path

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Submenus missing in ASM Security Tab

Related Content

Knowledge sharing: High CPU/Memory/Swap investigation/troubleshooting

APM RDP Access not working - I'm sure I'm missing something!

iRule TCL: if 'something' in 'list' then, syntax/parser error

Why SDN (or something like it) was Inevitable: Service Velocity

Can we swapped VIPs ip addresses in F5 ?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS