Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Lukas_Ziegler's avatar
Lukas_Ziegler
Icon for Nimbostratus rankNimbostratus
Jun 04, 2020

Proxy Protocol via iRule --> how to implement v2

We are trying to implement proxy protocol (for use with SAP Web Dispatcher) and have this irule: when CLIENT_ACCEPTED {    set proxyheader "PROXY TCP[IP::version] [IP::remote_addr] [IP::local_addr]...
big-ip
devops
irules
ProxyProtocol
cjunior's avatar
cjunior
Icon for Nacreous rankNacreous
Jun 04, 2020

Hi,

I have no experience on that, but I find this:

https://support.f5.com/csp/article/K40512493

http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

https://github.com/ably/proxy-protocol-v2

 

Are you working with IPv4 and TCP ?

Maybe this:

when CLIENT_ACCEPTED {
# Protocol signature
    set headerHex "0d0a0d0a000d0a515549540a"
# As Local
    append headerHex "20"
# IPv4 and TCP
    append headerHex "11"
# Length 22
    append headerHex "0c00" 
# Source IPv4 as Hex
    foreach oct [split [IP::remote_addr] "."] {
        append headerHex [format %02x $oct]
    }
# Dest IPv4 as Hex
    foreach oct [split [IP::local_addr] "."] {
        append headerHex [format %02x $oct]
    }
# Source port as Hex
    append headerHex [format %04x [TCP::remote_port]]
# Dest port as Hex
    append headerHex [format %04x [TCP::local_port]]
}
when SERVER_CONNECTED {
    # Write header as byte
    TCP::respond [binary format H* $headerHex]
}

Please, permit me to be wrong with that example code when it is just a shot.

If necessary, I think you can run proxy-protocol-v2 as node.js libraries in iRuleLX.

 

Kind regards.