For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

wralon's avatar
wralon
Icon for Nimbostratus rankNimbostratus
Jun 12, 2019

iRule for Swapping XFF with Something Custom(Microsoft)

What is the syntax for a simple iRule that takes a standard X-Forwarded-For header and rewrites it to a different header name. I have a WAF in front of an LTM, which is in front of an ADFS Proxy environment, which does not use the XFF header, but uses instead "X-MS-Forwarded-Client-IP". The WAF will send a standard XFF header, but then I need the f5 to rewrite it to something the ADFS Proxies can parse.

 

Example, f5 will receive:

 

X-Forwarded-For: 1.1.1.1

 

I then want the f5 to rewrite to:

 

X-MS-Forwarded-Client-IP: 1.1.1.1

 

Thanks all in advance for your help!

 

application delivery
iRules
LTM

2 Replies

  • wralon's avatar
    wralon
    Icon for Nimbostratus rankNimbostratus
    Jun 12, 2019

    I have tried the following, but it does not seem to be working....

     

    when HTTP_REQUEST {

    if {[HTTP::header exists X-Forwarded-For]}{

    HTTP::header insert X-MS-Forwarded-Client-IP [HTTP::header X-Forwarded-For]

    } else {

    HTTP::header insert X-MS-Forwarded-Client-IP [IP::client_addr]

    }

    }

     

  • ryank5589's avatar
    ryank5589
    Icon for Nimbostratus rankNimbostratus
    Dec 19, 2019

    Hey, I was wondering if there was ever a resolution to this issue? I am also running into the same issue where I need to see the X-MS-Forwarded-Client-IP due to the traffic going to the ADFS proxy environment and it not being able to accept the XFF.