Forum Discussion
X-Forwarded-for Header Insertion
In a lab setup, I wrote an iRule to insert an X-Forwarded-For header if one doesn't exist, and I'm using SNAT automap.
The IP address I see on the web server is the SNAT (floating) IP address, which is what I'm supposed to see (using tcpdump).
However, I'm not able to see the X-forwarded-for header inserted using tcpdump.
Is there another easy way to see this header?
Thanks
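One way to answer this from a capture, as an added example that is not part of the original post: the script reads an ASCII dump in the layout `ssldump -A` prints (the same layout as the dump posted further down this thread) and reports, per connection, whether the request carried no, one, or several forwarded addresses. The function names and sample addresses are made up for illustration, and it assumes each `C>S`/`S>C` record line belongs to the most recently announced connection.

```python
import re
# Constructed sample in the "ssldump -A" layout from this thread; lab placeholder addresses.
SAMPLE = """\
New TCP connection 1: 192.0.2.20(54179) <-> 192.0.2.33(80)
1320232511.5958 (0.0011) C>S
---------------------------------------------------------------
HEAD / HTTP/1.1
---------------------------------------------------------------
New TCP connection 2: 10.0.0.30(54179) <-> 10.0.0.110(80)
1320232511.5962 (0.0003) C>S
---------------------------------------------------------------
HEAD / HTTP/1.1
X-Forwarded-For: 192.0.2.20
---------------------------------------------------------------
New TCP connection 3: 10.0.0.30(54180) <-> 10.0.0.110(80)
1320232512.1000 (0.0003) C>S
---------------------------------------------------------------
GET / HTTP/1.1
X-Forwarded-For: 203.0.113.9
X-Forwarded-For: 192.0.2.20
---------------------------------------------------------------
"""

CONN = re.compile(r"^New TCP connection (\d+): (\S+)\(\d+\) <-> (\S+)\(\d+\)")
XFF = re.compile(r"^X-Forwarded-For:\s*(.*)$", re.IGNORECASE)

def xff_by_connection(dump):
    """Map connection id -> client, server and X-Forwarded-For values seen in C>S data."""
    conns, current, direction, in_payload = {}, None, None, False
    for line in map(str.strip, dump.splitlines()):
        m = CONN.match(line)
        if m:  # a new flow: remember its endpoints
            current = int(m.group(1))
            conns[current] = {"client": m.group(2), "server": m.group(3), "xff": []}
            direction, in_payload = None, False
        elif line.endswith(("C>S", "S>C")):  # record line; assumed to belong to the last flow
            direction, in_payload = line[-3:], False
        elif line and set(line) == {"-"}:  # dashed rule opens or closes the payload
            in_payload = not in_payload
        elif in_payload and direction == "C>S" and current in conns and XFF.match(line):
            conns[current]["xff"].append(XFF.match(line).group(1).strip())
    return conns

def audit(dump):
    """Classify each connection by how many forwarded addresses its request carries."""
    def status(values):
        n = sum(1 for v in values for a in v.split(",") if a.strip())
        return "missing" if n == 0 else "single" if n == 1 else "multiple"
    return {cid: status(c["xff"]) for cid, c in xff_by_connection(dump).items()}

print(audit(SAMPLE))
```

On the server-side connection a "single" result is the expected outcome of the iRule; "multiple" means a second header was added to one that already existed.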
11 Replies
- Arie
Altostratus
Have you considered using the standard "insert X-forwarded-for" option in the profile?
- richard_77048
Nimbostratus
I would either configure my webserver to log the X-Forwarded-For header and look in the access logs, or capture a bunch of packets with the -w outfile option and then look at them in Wireshark. You can then use the "Follow TCP Stream" option in Wireshark.
Richard
- Andy_O_4935
Nimbostratus
Hi Arie,
I need to have a single X-forwarded-for header...the profile will insert another one if a header already exists.
With the iRule I can replace the existing one or create a new single header if one doesn't exist.
Richard,
I'll try to write the output to a file and use Wireshark. Thanks for your reply.
- Michael_Yates
Nimbostratus
Hi Andy,
You could always just check it by logging it to your LTM Log to make sure that it is correct.
Here is an example:

    when HTTP_REQUEST {
        if { [HTTP::header exists "X-Forwarded-For"] } {
            log local0. "X-Forward IP: [HTTP::header values "X-Forwarded-For"]"
            log local0. "Client IP: [IP::client_addr]"
        }
    }

Hope this helps.
- Arie
Altostratus
Ah - I hadn't caught on to the fact that this header could already exist in your setup.
Can you grab the packet capture on the web server? That would probably be the best place to see what the LTM is sending. Also, keep in mind that not all web servers will log the X-forwarded-for-header; you may need to configure this.
- In a lab setup, I wrote an irule to insert an X-forwarder-for header if one doesn't exist and using snat automap. The Ip address I see on the webserver is the SNAT (floating) IP address which is what I'm supposed to see (using tcpdump) However, I'm not able to see the X-forwarded-for header inserted using tcpdump
Hi,
did you check /var/log/ltm for TCL errors? If there are runtime errors while your iRule executes, the header will not be replaced!
Sample iRule:

    when HTTP_REQUEST {
        HTTP::header replace "X-Forwarded-For" [IP::client_addr]
        # check /var/log/ltm !!
        log local0. "[HTTP::request]"
    }

Regards
Kurt Knochner
- nitass
Employee
this is mine.

    [root@iris:Active] config b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.17.33:http
       ip protocol tcp
       rules myrule
       profiles {
          http {}
          tcp {}
       }
    }
    [root@iris:Active] config b pool foo list
    pool foo {
       members 10.10.70.110:http {}
    }
    [root@iris:Active] config b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
          if {not [HTTP::header exists "X-Forwarded-For"]} {
             HTTP::header insert X-Forwarded-For [IP::client_addr]
          }
       }
    }
    [root@iris:Active] config ssldump -Aed -nni 0.0 port 80
    New TCP connection 1: 172.28.17.20(54179) <-> 172.28.17.33(80)
    1320232511.5958 (0.0011) C>S
    ---------------------------------------------------------------
    HEAD / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: 172.28.17.33
    Accept: */*
    ---------------------------------------------------------------
    New TCP connection 2: 10.10.72.30(54179) <-> 10.10.70.110(80)
    1320232511.5962 (0.0003) C>S
    ---------------------------------------------------------------
    HEAD / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: 172.28.17.33
    Accept: */*
    X-Forwarded-For: 172.28.17.20

- Arun_02_139047
Nimbostratus
Hi Guys - I have a requirement to use Insert X-Forwarded-For for a TCP Profile. Can you guys advise how I can do that? I have RabbitMQ Queues behind F5 on TCP port 5672. Thanks! -arun.
- Kevin_Stewart
Employee
I have a requirement to use Insert X-Forwarded-For for a TCP Profile. Can you guys advise how I can do that?
The X-Forwarded-For header is only for HTTP traffic. Assuming you need this to send the client's true source address to the server with SNAT applied, you might be able to inject the source into the TCP payload, but that depends entirely on the protocol and the server's ability to retrieve it.
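For the HTTP-with-SNAT case this thread started with, one way a backend can recover the client address from the header, added here as an example and not taken from any poster's code: the header is honoured only when the TCP peer is the SNAT address, and both the single-header and the appended-second-header cases are handled. `TRUSTED_PROXIES`, `forwarded_values`, `client_address` and all addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: the BIG-IP SNAT address the backend sees as TCP source (placeholder value).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.30")}

def forwarded_values(raw_request):
    """Collect every X-Forwarded-For entry, in order, from a raw HTTP/1.x request head."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    entries = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-forwarded-for":
            entries.extend(p.strip() for p in value.split(","))
    return entries

def client_address(peer_ip, raw_request, trusted=TRUSTED_PROXIES):
    """Address to log: the header counts only when the TCP peer is a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in trusted:
        return str(peer)                          # direct connection: header is ignored
    for entry in reversed(forwarded_values(raw_request)):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            break                                 # malformed entry: fall back to the peer
        if addr not in trusted:
            return str(addr)                      # rightmost hop that is not a proxy
    return str(peer)

# Constructed request: a second header appended after one that already existed.
SAMPLE = (b"GET / HTTP/1.1\r\nHost: app.example\r\n"
          b"X-Forwarded-For: 203.0.113.9\r\nX-Forwarded-For: 192.0.2.20\r\n\r\n")

if __name__ == "__main__":
    print(client_address("10.0.0.30", SAMPLE))     # peer is the SNAT address
    print(client_address("198.51.100.7", SAMPLE))  # peer is not a trusted proxy
```

The rightmost entry is the proxy's own only when the BIG-IP replaces or appends the header; a rule that inserts only when the header is absent forwards whatever value the request already carried.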
