For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

juniorexus_1332's avatar
juniorexus_1332
Icon for Nimbostratus rankNimbostratus
Aug 06, 2014

iRule to take host information from absoluteURI and re-write the host header

Hi all,

 

We have a VIP which is being accessed by clients externally via different proxies. We noticed that some of those proxies manipulate the host header of the HTTP request and re-write it with the wrong information. Those GET requests are absoluteURIs like one below. We want to take the host information from the absoluteURI and re-write the host header of the HTTP request using iRule so specific content can be accessed. Unfortunately iRule needs to be generic as there are different proxies with different dns domains. Did you guys have seen iRule which can achieve described result?

 

Example of HTTP request

 

GET https://client1.test.com/path/query?test=A

 

Host: proxy.domain.net

 

X-Forwarder-host : proxy.domain.net

 

Example of HTTP request after modification

 

GET https://client1.test.com/path/query?test=A

 

Host: client1.test.com

 

X-Forwarder-host : proxy.domain.net

 

Thanks, Michal

 

application delivery
devops
iRules
LTM

2 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Aug 10, 2014

    e.g.

    // config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 60
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  set host_in_uri [getfield [HTTP::uri] / 3]
  if { [HTTP::host] ne $host_in_uri } {
    HTTP::header replace Host $host_in_uri
  }
}
}

// test

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(53936) <-> 172.28.24.10(80)
1407713054.1000 (0.0019)  C>S
---------------------------------------------------------------
GET https://client1.test.com/path/query?test=A HTTP/1.1
Host: proxy.domain.net
X-Forwarder-host: proxy.domain.net


---------------------------------------------------------------

1    1407713054.1000 (0.0000)  C>S  TCP FIN
New TCP connection 2: 200.200.200.14(53936) <-> 200.200.200.101(80)
1407713054.2039 (0.1035)  C>S
---------------------------------------------------------------
GET https://client1.test.com/path/query?test=A HTTP/1.1
Host: client1.test.com
X-Forwarder-host: proxy.domain.net

---------------------------------------------------------------
  • juniorexus_1332's avatar
    juniorexus_1332
    Icon for Nimbostratus rankNimbostratus
    Aug 11, 2014

    Much appreciated for coming back to me on this one nitass! I will give it a go and test as well, Thanks!!