Forum Discussion
MSK_222682
Nimbostratus
NimbostratusX-Forwarded-For header
Hi All,
My application team requirement is to able to see the actual client ip address whoever accessing the application instead of BIG IP address as SNAT (Auto map) is enabled.
I have read some SOL on it and understand that we can achieve this by iRule & HTTP profile. However, my requirement is to have an iRule as we can take decision whether to add X-Forwarded-For header to client requests.
Can anyone please share the iRule script pertaining to this requirement.
Thanks in advance,
MSK
Vitaliy_SavransNacreous
Hi, if you want to add X-Forwarded-For header you can use:
when HTTP_REQUEST { HTTP::header replace X-Forwarded-For [IP::client_addr] }
MSK_222682Hi Vitaliy, Thanks for the quick response. Will this iRule insert X-Forwarded-For header for the client requests which already have it, which shouldn't be the case as per my requirement. -MSK- Vitaliy_SavransThis irule will insert the header if it wasn't present or replace the value.
Yann_DesmarestCirrus
Hello,
You can use the following :
when HTTP_REQUEST { if {[HTTP::header exists X-Forwarded-For]}{ HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]" } else { HTTP::header insert X-Forwarded-For [IP::client_addr] } }- MSK_222682Hi Yann, Thanks for the quick response. Will this iRule insert X-Forwarded-For header for the client requests which already have it ?? Looking at the script my understanding is it would check if X-Forwarded-For header exists but cannot understand the replace and insert statements of the script. Can you please shed some light on it. -MSK
- Yann_DesmarestHello, The irule provided add the client ip to an existing X- header otherwise, it will add a new one with the clientip. Insert allow you to add a new header. Replace add a new header if there is no existing header with the same name, otherwise it changes the value of an existing x- header
- Vitaliy_Savransabout statements https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx
Yann_Desmarest_Hello,
You can use the following :
when HTTP_REQUEST { if {[HTTP::header exists X-Forwarded-For]}{ HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]" } else { HTTP::header insert X-Forwarded-For [IP::client_addr] } }- MSK_222682Hi Yann, Thanks for the quick response. Will this iRule insert X-Forwarded-For header for the client requests which already have it ?? Looking at the script my understanding is it would check if X-Forwarded-For header exists but cannot understand the replace and insert statements of the script. Can you please shed some light on it. -MSK
- Yann_Desmarest_Hello, The irule provided add the client ip to an existing X- header otherwise, it will add a new one with the clientip. Insert allow you to add a new header. Replace add a new header if there is no existing header with the same name, otherwise it changes the value of an existing x- header
- Vitaliy_Savransabout statements https://clouddocs.f5.com/api/irules/HTTP__header.html