Forum Discussion
Christophe_Lem2
Cirrus
CirrusPersistence on X-Forwarded-For or Source IP
Hi,
I've got a request to make a persitence across two virtual servers but on different parameters...
The two virtual servers uses the same pool.
The client connects first on vserver1 through a proxy, where X-Forwarded-For is inserted in the HTTP header. Then the client connects to a second vserver, vserver2, without proxy. He must go to the same server as for the first request.
I've tried the following iRule but it doesn't seem to work...
when HTTP_REQUEST {
if {[HTTP::header X-Forwarded-For] != ""} then {
persist uie [HTTP::header X-Forwarded-For] 900
} else {
persist uie [IP::client_addr] 900
}
}
Any idea on how to achieve this?
Regards,
Christophe
4 Replies
- nitass
Employee
you enabled match across virtual servers, didn't you?
sol5837: Match Across options for session persistence
http://support.f5.com/kb/en-us/solutions/public/5000/800/sol5837.html 
Christophe_Lem2It works like a charm, I forgot to enable the Match Across Virtual Servers in my persitence profile...
Lester_W__54354Nimbostratus
This is good EXCEPT if the X-Forwarded-For is a comma-separated list and the intermediate proxies vary. Consider the following: REQUEST 1: X-Forwarded-For: 101.202.11.15, 10.2.5.7 REQUEST 2: X-Forwarded-For: 101.202.11.15, 10.2.5,18 The iRule shown above will treat request 2 as different. Any ideas on how to ensure only the 1st IP address in the list is used?- Christophe_Lem2You may try to replace persist uie [HTTP::header X-Forwarded-For] 900 by something like this (not tested) lassign [ split [HTTP::header X-Forwarded-For] "," ] srcIP persist uie $srcIP 900
