Forum Discussion
MSK_222682
Mar 24, 2016Nimbostratus
X-Forwarded-For header
Hi All,
My application team requirement is to able to see the actual client ip address whoever accessing the application instead of BIG IP address as SNAT (Auto map) is enabled.
I have read some SOL on it and understand that we can achieve this by iRule & HTTP profile. However, my requirement is to have an iRule as we can take decision whether to add X-Forwarded-For header to client requests.
Can anyone please share the iRule script pertaining to this requirement.
Thanks in advance,
MSK
- Vitaliy_SavransNacreous
Hi, if you want to add X-Forwarded-For header you can use:
when HTTP_REQUEST { HTTP::header replace X-Forwarded-For [IP::client_addr] }
- MSK_222682NimbostratusHi Vitaliy, Thanks for the quick response. Will this iRule insert X-Forwarded-For header for the client requests which already have it, which shouldn't be the case as per my requirement. -MSK
- Vitaliy_SavransNacreousThis irule will insert the header if it wasn't present or replace the value.
Hello,
You can use the following :
when HTTP_REQUEST { if {[HTTP::header exists X-Forwarded-For]}{ HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]" } else { HTTP::header insert X-Forwarded-For [IP::client_addr] } }
- MSK_222682NimbostratusHi Yann, Thanks for the quick response. Will this iRule insert X-Forwarded-For header for the client requests which already have it ?? Looking at the script my understanding is it would check if X-Forwarded-For header exists but cannot understand the replace and insert statements of the script. Can you please shed some light on it. -MSK
- Hello, The irule provided add the client ip to an existing X- header otherwise, it will add a new one with the clientip. Insert allow you to add a new header. Replace add a new header if there is no existing header with the same name, otherwise it changes the value of an existing x- header
- Vitaliy_SavransNacreousabout statements https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx
- Yann_Desmarest_Nacreous
Hello,
You can use the following :
when HTTP_REQUEST { if {[HTTP::header exists X-Forwarded-For]}{ HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]" } else { HTTP::header insert X-Forwarded-For [IP::client_addr] } }
- MSK_222682NimbostratusHi Yann, Thanks for the quick response. Will this iRule insert X-Forwarded-For header for the client requests which already have it ?? Looking at the script my understanding is it would check if X-Forwarded-For header exists but cannot understand the replace and insert statements of the script. Can you please shed some light on it. -MSK
- Yann_Desmarest_NacreousHello, The irule provided add the client ip to an existing X- header otherwise, it will add a new one with the clientip. Insert allow you to add a new header. Replace add a new header if there is no existing header with the same name, otherwise it changes the value of an existing x- header
- Vitaliy_SavransNacreousabout statements https://clouddocs.f5.com/api/irules/HTTP__header.html
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects