pmaubo3_109863
Feb 08, 2012

X-Forwarded-For iRule

There is an iRule in place which was there before I started working at my position.

See below

    when HTTP_REQUEST {
        if {[HTTP::header exists X-Forwarded-For]} {
            HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [getfield [IP::client_addr] % 1]"
        } else {
            HTTP::header insert X-Forwarded-For [getfield [IP::client_addr] % 1]
        }
    }

However, I do see this message in viewing the log:

    invoked from within "HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [getfield [IP::client_addr] % 1]""
    local/tmm err tmm[5538]: 01220001:3: TCL error: x-forwarded-for_single - Operation not supported (line 1)

What does the getfield entry do? And is that causing the issue? Do the messages in the logs mean the iRule is failing all the time?

The reason I ask is we have one app group who has an intermittent issue with windows timing out when they invoke a trade symbol in their application, and I've gone through all the configs without having any luck. Could it be possible that this might be causing the issue?

I do know the below iRule would work, just wanted some input from those who are more experienced.

    when HTTP_REQUEST {
        if {[HTTP::header exists X-Forwarded-For]} {
            HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]"
        } else {
            HTTP::header insert X-Forwarded-For [IP::client_addr]
        }
    }

  • "What does the getfield entry do? And is that causing the issue? Do the messages in the logs mean the iRule is failing all the time?" I guess you are using a route domain. getfield is used to remove the route domain part from IP::client_addr.

    [root@ve1023:Active] config  b rule initrule list
    rule initrule {
       when RULE_INIT {
            log local0. "\[getfield 1.1.1.1 % 1\]: [getfield 1.1.1.1 % 1]"
            log local0. "\[getfield 1.1.1.1%123 % 1\]: [getfield 1.1.1.1%123 % 1]"
            log local0. "\[getfield 1.1.1.1%123 % 2\]: [getfield 1.1.1.1%123 % 2]"
    }
    }
    
    [root@ve1023:Active] config  cat /var/log/ltm
    Feb  8 22:54:57 local/tmm info tmm[4369]: Rule initrule : [getfield 1.1.1.1 % 1]: 1.1.1.1
    Feb  8 22:54:57 local/tmm info tmm[4369]: Rule initrule : [getfield 1.1.1.1%123 % 1]: 1.1.1.1
    Feb  8 22:54:57 local/tmm info tmm[4369]: Rule initrule : [getfield 1.1.1.1%123 % 2]: 123
    
  • I do not think the iRule fails all the time. It looks okay to me. Can you add more log commands or capture packets while the problem is happening?

    [root@ve1023:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:80
       ip protocol 6
       rules myrule
       profiles {
          http {}
          tcp {}
       }
    }
    [root@ve1023:Active] config  b pool foo list
    pool foo {
       members 200.200.200.101:80 {}
    }
    [root@ve1023:Active] config  b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
       log local0. "\[getfield \[IP::client_addr\] % 1\]: [getfield [IP::client_addr] % 1]"
       if {[HTTP::header exists X-Forwarded-For]}{
          log local0. "\[HTTP::header X-Forwarded-For\]: [HTTP::header X-Forwarded-For]"
          HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [getfield [IP::client_addr] % 1]"
       } else {
          HTTP::header insert X-Forwarded-For [getfield [IP::client_addr] % 1]
       }
    }
    }
    
    X-Forwarded-For header exists in request.
    
    [root@ve1023:Active] config  ssldump -Aed -nni 0.0 port 80
    New TCP connection 1: 172.28.19.253(43292) <-> 172.28.19.79(80)
    1328770680.1202 (0.0030)  C>S
    ---------------------------------------------------------------
    HEAD / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8r zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.79
    Accept: */*
    X-Forwarded-For: 1.1.1.1
    
    ---------------------------------------------------------------
    
    New TCP connection 2: 200.200.200.10(43292) <-> 200.200.200.101(80)
    1328770680.1222 (0.0011)  C>S
    ---------------------------------------------------------------
    HEAD / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8r zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.79
    Accept: */*
    X-Forwarded-For: 1.1.1.1, 172.28.19.253
    
    ---------------------------------------------------------------
    
    [root@ve1023:Active] config  cat /var/log/ltm
    Feb  8 22:57:41 local/tmm notice tmm[4369]: 013e0001:5: Tcpdump starting bcast on :::0 from 127.1.1.1:44072
    Feb  8 22:58:00 local/tmm info tmm[4369]: Rule myrule : [getfield [IP::client_addr] % 1]: 172.28.19.253
    Feb  8 22:58:00 local/tmm info tmm[4369]: Rule myrule : [HTTP::header X-Forwarded-For]: 1.1.1.1
    Feb  8 22:58:03 local/tmm notice tmm[4369]: 013e0002:5: Tcpdump stopping on 127.1.1.2:3936 from 127.1.1.1:44072
    
    X-Forwarded-For does not exist.
    
    [root@ve1023:Active] config  ssldump -Aed -nni 0.0 port 80
    New TCP connection 1: 172.28.19.253(43294) <-> 172.28.19.79(80)
    1328770729.9791 (0.0019)  C>S
    ---------------------------------------------------------------
    HEAD / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8r zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.79
    Accept: */*
    
    ---------------------------------------------------------------
    
    New TCP connection 2: 200.200.200.10(43294) <-> 200.200.200.101(80)
    1328770729.9802 (0.0010)  C>S
    ---------------------------------------------------------------
    HEAD / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8r zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.79
    Accept: */*
    X-Forwarded-For: 172.28.19.253
    
    ---------------------------------------------------------------
    
    [root@ve1023:Active] config  cat /var/log/ltm
    Feb  8 22:58:44 local/tmm notice tmm[4369]: 013e0001:5: Tcpdump starting bcast on :::0 from 127.1.1.1:34286
    Feb  8 22:58:49 local/tmm info tmm[4369]: Rule myrule : [getfield [IP::client_addr] % 1]: 172.28.19.253
    Feb  8 22:58:52 local/tmm notice tmm[4369]: 013e0002:5: Tcpdump stopping on 127.1.1.2:3937 from 127.1.1.1:34286
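
An added example, not part of the original thread and not F5 code: a Python model of the header value the rule above sends to the pool member, and of how a backend sitting behind this one BIG-IP can read it. The function names and `trusted_hops` are hypothetical, the out-of-range `getfield` result is an assumption, and the sample addresses come from the captures above with a constructed `%123` suffix.

```python
import ipaddress


def getfield(value, sep, index):
    """Model of iRules getfield: split value on sep, return the 1-based field."""
    parts = value.split(sep)
    # Assumption: a field number past the end yields an empty string.
    return parts[index - 1] if 1 <= index <= len(parts) else ""


def bigip_append_xff(incoming_xff, client_addr):
    """Header value the rule sends to the pool member."""
    client_ip = getfield(client_addr, "%", 1)  # drop the %<route domain> suffix
    if incoming_xff is not None:
        return f"{incoming_xff}, {client_ip}"  # HTTP::header replace branch
    return client_ip                           # HTTP::header insert branch


def client_ip_from_xff(xff, trusted_hops=1):
    """Backend side: return the entry written by the outermost trusted proxy.

    Entries to the left of it arrived in the client's own request and are
    unverified. Raises ValueError if the entry is not a plain IP address.
    """
    entries = [e.strip() for e in xff.split(",")]
    if len(entries) < trusted_hops:
        raise ValueError("fewer X-Forwarded-For entries than trusted proxies")
    return str(ipaddress.ip_address(entries[-trusted_hops]))


if __name__ == "__main__":
    # Values from the captures above; the %123 suffix is constructed.
    sent = bigip_append_xff("1.1.1.1", "172.28.19.253%123")
    print(sent)
    print(client_ip_from_xff(sent))
    try:
        client_ip_from_xff("1.1.1.1, 172.28.19.253%123")  # suffix not stripped
    except ValueError as exc:
        print("rejected:", exc)
```

With a single BIG-IP in front, the last entry is the address the BIG-IP itself observed; the leading `1.1.1.1` in the capture was supplied by the client and should not be used for access decisions or audit logging.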