For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rluhrman_127985's avatar
rluhrman_127985
Historic F5 Account
Jan 13, 2006

Replacing Headers using iRules

I came across an issue where using "replace" did not replace the header with the new header.     Here is an example:     rule WL-Proxy-Client-IP-BAD {   when HTTP_REQUEST {   i...
application delivery
dev
devops
iRules
Colin_Walker_12's avatar
Colin_Walker_12
Historic F5 Account
Jan 16, 2006
Well, given the examples you listed, it looks as though you may be looking for different functionality than what the HTTP::header replace command gives.

This command will replace the last instance of whatever header you name, with the contents provided. Note that the header name will remain the same.

This means, given your example:


when HTTP_REQUEST {
  if { [HTTP::header exists "X-Forwarded-For"] } {
    HTTP::header replace "X-Forwarded-For" "WL-Proxy-Client-IP"
  }
}

You would end up with a header named "X-Forwarded-For" with a value of "WL-Proxy-Client-IP". Note that this would be that exact text, not the value of the Proxy-Client-IP, unless the value was stated there instead of the name.

In the working example, below, you are removing the X-Forwarded-For header, and replacing it wwith a DIFFERENT header, named completely differently, with the client's IP address as its value.

So, to use the replace command to garner similar results, you would do something to this effect:


when HTTP_REQUEST {
  if { [HTTP::header exists "X-Forwarded-For"] } {
    HTTP::header replace "X-Forwarded-For" [IP::client_addr]
  }
}

This would result in a header named X-Forwarded-For, with a value of the client's IP address. If you're looking to change the name of the header, then the second example you gave, using the remove then the insert with a new name, is the correct syntax.

HTH,

-Colin