For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Geoff_Littlewoo's avatar
Geoff_Littlewoo
Icon for Nimbostratus rankNimbostratus
Jul 24, 2009

Use iRulke to extract X-Forwarded out of HTTP packet

I have a polling HTTP pakcet that the LTM does not see as a proper compliant HTTP packet.   Due to this the device sends a single packet in and the F5 closes the connection. This connection need...
application delivery
dev
devops
iRules
v4
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jul 27, 2009
So it sounds like the client is making more than one HTTP request on the same TCP connection. If that happens, the HTTP profile and iRule would no longer be enabled, so the XFF header would not be inserted. That's the downside to disabling the HTTP profile.

 

 

If you want to insert the XFF header in every request on a TCP connection, you would need to collect the TCP payload and search every packet for some delimiter like HTTP/1.0\r\n or HTTP/1.1\r\n and replace it with HTTP/1.x\r\nX-Forwarded-For: [IP::client_addr]\r\n where x is the HTTP version. You could also potentially do this with a stream profile as the HTTP headers (not the payload) would be modified.

 

 

The easiest option though would be to change the servers' default gateway and remove the SNAT.

 

 

Aaron