Kalpesh_48932
Jul 16, 2013

x-forward-for irule

Hello Friends,

I have configured an x-forward-for iRule on my F5, and it is also enabled on the HTTP profile, but it seems it's not working, because on the Apache server we are getting only the value of the self IP, not the end client IP. I don't know why.

Below is the script we have on the Apache server:

    LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" combined_forwarded
    SetEnvIfNoCase X-Forwarded-For "." from_proxy=1
    CustomLog /appl/liferay/logs/http-access.log combined env=!from_proxy
    CustomLog /appl/liferay/logs/http-access.log combined_forwarded env=from_proxy

This script works well when we access the application without the F5, but does not work when we connect to the application via the F5.

The iRule configured on the F5 is:

    when HTTP_REQUEST { HTTP::header insert "X-Forwarded-For" [IP::client_addr] }

Can someone suggest whether any changes to the iRule are required to work with the above Apache script?

  • I'm sure someone will correct me if I'm wrong, but I don't believe you want the quotes (") around X-Forwarded-For.

    Try this:

        when HTTP_REQUEST { HTTP::header insert X-Forwarded-For [IP::client_addr] }

    https://devcentral.f5.com/wiki/iRules.XForwardedForSingleHeaderInsert.ashx
  • If you want this turned on for all of your HTTP traffic, you can also turn on "x-forwarded for" in the HTTP profile; there should be a drop-down box to enable it on the HTTP profile.
  • Hello Leonardo,

    I tried this too, by removing the "" from the syntax. The option is also enabled in the HTTP profile.

    Still, it's not working.
  • Kalpesh,

    Are you familiar with logging in the iRule? I would try logging in the iRule to see what headers it's sending out to the pool member(s).

    Something like this:

        when HTTP_REQUEST {
            HTTP::header insert X-Forwarded-For [IP::client_addr]
            # Stored in a connection variable so HTTP_RESPONSE can reuse it
            set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
            log local0. "============================================="
            log local0. "$LogString (request)"
            # Log each request header name and value
            foreach aHeader [HTTP::header names] {
                log local0. "$aHeader: [HTTP::header value $aHeader]"
            }
            log local0. "============================================="
        }

        when HTTP_RESPONSE {
            log local0. "============================================="
            log local0. "$LogString (response) - status: [HTTP::status]"
            # Log each response header name and value
            foreach aHeader [HTTP::header names] {
                log local0. "$aHeader: [HTTP::header value $aHeader]"
            }
            log local0. "============================================="
        }

    https://devcentral.f5.com/wiki/irules.loghttpheaders.ashx

  • A few things to consider.

    1. It doesn't matter if you encapsulate the header name in quotes or not in the [HTTP::header insert ] statement. It'll work the same either way.

    2. If you enable "Insert X-Forwarded-For" in the HTTP profile, then you don't need to do it in the iRule, or vice versa.

    3. I'd suggest looking at a capture of the data going to the server. It may be that your logging is misconfigured and the X-Forwarded-For header is actually being sent.

  • Hello,

    I tried keeping only one option to insert x-forward, and in the logs I found nothing :(

    How do I check the logs for x-forward on the F5? Any command? tcpdump? Or will I find it in the /log file?
  • Assuming traffic to the server is not encrypted, try a TCPDUMP. Something like this:

        tcpdump -lnni 0.0 -Xs0 [filter of your choice to limit view]

    The -Xs0 flags will show the payload data in the captures. You should see HTTP request messages coming from the BIG-IP, containing several headers.
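
Added example, not part of the original thread: given a request as seen in a capture on the server side of the BIG-IP, this Python script applies the same decision as the SetEnvIfNoCase/CustomLog lines in the question and reports which log format Apache would select and what the first log field would be. The sample request, the addresses and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: a request head as it might appear in a server-side
# capture (documentation-range addresses and host name, not real data).
CAPTURED_REQUEST = (
    b"GET /web/guest/home HTTP/1.1\r\n"
    b"Host: app.example.com\r\n"
    b"User-Agent: curl/7.29.0\r\n"
    b"x-forwarded-for: 203.0.113.25\r\n"
    b"\r\n"
)

def parse_headers(raw: bytes):
    """Return (request_line, [(name, value), ...]) from a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers

def header_values(headers, wanted):
    """All values of one header; header names compare case-insensitively."""
    return [v for n, v in headers if n.lower() == wanted.lower()]

def apache_log_choice(raw: bytes, peer_ip: str):
    """Mirror the SetEnvIfNoCase / CustomLog logic from the question.

    Returns (format_name, first_log_field): combined_forwarded with the
    X-Forwarded-For value when the header is present and non-empty,
    otherwise combined with the TCP peer address (%h), which is the
    BIG-IP self IP the poster reports seeing.
    """
    _, headers = parse_headers(raw)
    # Assumption: repeated headers are seen by Apache merged with ", ".
    joined = ", ".join(header_values(headers, "X-Forwarded-For"))
    if re.search(".", joined):        # same pattern as SetEnvIfNoCase ... "."
        return "combined_forwarded", joined
    return "combined", peer_ip

if __name__ == "__main__":
    # 192.0.2.10 stands in for the BIG-IP self IP (constructed value).
    print(apache_log_choice(CAPTURED_REQUEST, "192.0.2.10"))
```

If the capture contains the header and this logic selects combined_forwarded, the remaining place to look is the Apache side; if the header is absent from the capture, the problem is upstream of Apache.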