Forum Discussion
Pass TAG from one Virtual Server to another
Yes your understanding on redirection is correct.
Below is the iRule on VS8080
when HTTP_REQUEST {
# Remove untrusted HTTP X-Forwarded header
#
# X-Forwarded headers clean-up
#
HTTP::header remove X-Forwarded-For
HTTP::header remove X-Forwarded-Host
HTTP::header remove X-Forwarded-Port
HTTP::header remove X-Forwarded-Proto
HTTP::header remove X-Real-IP
# Set our own X-Forwarded and X-Real-IP headers
# X-FORWARDED-FOR and X-REAL-IP
#
HTTP::header insert X-Forwarded-For [IP::client_addr]
HTTP::header insert X-Real-IP [IP::client_addr]
# X-FORWARDED-PORT
#
HTTP::header insert X-Forwarded-Port [TCP::local_port]
}
As you can see we are clearing the XF header and adding the new header to avoid any clients trying to connect already with the XF header.
Though I set a header on VS9090 before redirecting to VS8080 it will be removed by the iRule on VS8080.
Hope this clarifies.
Actually it's not removed by your VS8080, I think it doesn't get passed to VS8080 in first place.
The way how VS9090 redirects is through 302. When you use http2https redirect irule, it uses HTTP::REDIRECT method on the HTTP_REQUEST event. You cant pass headers. Well you could still try going with HTTP::RESPOND method with a 302 with Location header. But still it wouldn't work.
When a 302 comes back to client, the browser takes the Location header information and passes it a new Get request, thus your headers even if you had passed with HTTP::RESPOND would still get dropped in the new Get request which goes to the new VS8080.
The only way I can think of is, to pass your header info along with the value of Location header. And once the traffic reaches the VS8080, you would inspect the inbound request and filter it out accordingly.
Hope you got the idea. See if it helps.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com