Forum Discussion
Not able to see HTTP request and HTTP header in floating IP to server communication
Hi Team,
I have created a lab setup on VMware for LTM. I want to configure client IP insertion in the HTTP header, but when I take a tcpdump on the LTM I am not able to see any HTTP request from the floating IP to the server; all requests show as TCP, so I am not able to see any HTTP header. Hence I am not able to confirm whether the client IP is getting inserted in the HTTP header. Please find the config below and the attached capture file:
profile http web_1 {
   defaults from http
   oneconnect transformations enable
   header insert none
   header erase none
   fallback none
   response selective chunk
   lws width 80
   lws separator none
   redirect rewrite none
   max header size 32768
   max requests 0
   pipelining enable
   insert xforwarded for enable
   fallback status none
   response headers allowed none
   encrypt cookies none
}
node 10.1.1.25 {}
pool Web_1 {
   monitor all tcp
   members {
      10.1.1.25:hosts2-ns {}
      10.1.1.25:xfer {}
   }
}
snatpool web_1 {
   members 10.1.1.15
}
rule Client_ip {
   when HTTP_REQUEST {
      HTTP::header insert X-Forwarded-For [IP::remote_addr]
   }
}
rule My_rule {
   when HTTP_REQUEST {
      if {not [HTTP::header exists "X-Forwarded-For"]} {
         HTTP::header insert X-Forwarded-For [IP::client_addr]
      }
   }
}
rule Web_1 {
   when HTTP_REQUEST {
      if { [HTTP::uri] equals "/" } {
         HTTP::redirect "http://10.1.1.30/joomla/"
      }
   }
}
traffic class ANY {
   classification tag "Any"
   src mask none
   dst mask none
}
virtual Web_1 {
   snat automap
   pool Web_1
   destination 10.1.1.30:http
   ip protocol tcp
   rules {
      Web_1
      My_rule
   }
   profiles {
      http {}
      tcp {}
   }
}
Please revert with your observation.
Regards..Kunal
- What_Lies_Bene1
Cirrostratus
Kunal, if your HTTP Profile is configured to insert the XFF header, there's no need for an iRule to do the same thing.
- nitass
Employee
e.g.

[root@ve10:Active] config b virtual Web_1 list
virtual Web_1 {
   snat automap
   pool Web_1
   destination 172.28.19.79:80
   ip protocol 6
   rules {
      Web_1
      My_rule
   }
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config b pool Web_1 list
pool Web_1 {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config b rule Web_1 list
rule Web_1 {
   when HTTP_REQUEST {
      if { [HTTP::uri] equals "/" } {
         HTTP::redirect "http://10.1.1.30/joomla/"
      }
   }
}
[root@ve10:Active] config b rule My_rule list
rule My_rule {
   when HTTP_REQUEST {
      if {not [HTTP::header exists "X-Forwarded-For"]} {
         HTTP::header insert X-Forwarded-For [IP::client_addr]
      }
   }
}
[root@ve10:Active] config ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.19.251(49526) <-> 172.28.19.79(80)
1349253665.2904 (0.0013) C>S
---------------------------------------------------------------
HEAD /something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*
---------------------------------------------------------------
New TCP connection 2: 200.200.200.10(49526) <-> 200.200.200.101(80)
1349253665.2931 (0.0009) C>S
---------------------------------------------------------------
HEAD /something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*
X-Forwarded-For: 172.28.19.251
---------------------------------------------------------------
- kunal_borkar_52
Nimbostratus
By decoding the TCP dump as HTTP I am able to see the client IP in the capture; also, by using the "ssldump -Aed -nni 0.0 port 80 or port 81 or port 82" command I am able to see the client IP in the HTTP header.
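One way to check a saved dump like the one in this thread for the inserted header, as an added example that is not code from the thread or from F5. It parses `ssldump -A` style text, treats connections to a pool member as server-side, and reports whether X-Forwarded-For is missing, matches an observed client address, or carries some other value. The function names, the sample text and the assumption that records from different connections are not interleaved are the example's own.

```python
import re

# Constructed sample, modelled on the ssldump -Aed output posted in the thread.
SAMPLE = """\
New TCP connection 1: 172.28.19.251(49526) <-> 172.28.19.79(80)
1349253665.2904 (0.0013) C>S
HEAD /something HTTP/1.1
Host: 172.28.19.79
New TCP connection 2: 200.200.200.10(49526) <-> 200.200.200.101(80)
1349253665.2931 (0.0009) C>S
HEAD /something HTTP/1.1
Host: 172.28.19.79
X-Forwarded-For: 172.28.19.251
New TCP connection 3: 200.200.200.10(49527) <-> 200.200.200.101(80)
GET / HTTP/1.1
Host: 172.28.19.79
"""

CONN = re.compile(r"New TCP connection #?(\d+): ([\d.]+)\((\d+)\) <-> ([\d.]+)\((\d+)\)")
XFF = re.compile(r"X-Forwarded-For:\s*(\S.*)", re.IGNORECASE)

def parse_connections(text):
    """Split the dump into connections and attach each XFF header to the
    most recently opened one (assumption: output is not interleaved)."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        m = CONN.match(line)
        if m:
            conns.append({"id": int(m[1]), "src": m[2], "dst": m[4], "xff": []})
        elif conns and (x := XFF.match(line)):
            conns[-1]["xff"].append(x[1].strip())
    return conns

def check_xff(text, pool_members):
    """Return {connection id: status} for connections whose destination is a pool member."""
    conns = parse_connections(text)
    clients = {c["src"] for c in conns if c["dst"] not in pool_members}
    result = {}
    for c in conns:
        if c["dst"] not in pool_members:
            continue  # client-side connection to the virtual server
        if not c["xff"]:
            result[c["id"]] = "missing"
        elif c["xff"][-1].split(",")[-1].strip() in clients:
            result[c["id"]] = "ok"
        else:
            result[c["id"]] = "mismatch"  # header present, not an observed client
    return result
```

A "mismatch" result deserves a look with a rule like My_rule, which inserts the header only when the request does not already carry one.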