Hi All, My application team requirement is to able to see the actual client ip address whoever accessing the application instead of BIG IP address as SNAT (Auto map) is enabled. I have read some SOL on it and understand that we can achieve this by iRule & HTTP profile. However, my requirement is to have an iRule as we can take decision whether to add X-Forwarded-For header to client requests. Can anyone please share the iRule script pertaining to this requirement. Thanks in advance, MSK

Hi, if you want to add X-Forwarded-For header you can use: when HTTP_REQUEST { HTTP::header replace X-Forwarded-For [IP::client_addr] }

Hello, You can use the following : when HTTP_REQUEST { if {[HTTP::header exists X-Forwarded-For]}{ HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]" } else { HTTP::header insert X-Forwarded-For [IP::client_addr] } }

Hi Vitaliy, Thanks for the quick response. Will this iRule insert X-Forwarded-For header for the client requests which already have it, which shouldn't be the case as per my requirement. -MSK

Hi Yann, Thanks for the quick response. Will this iRule insert X-Forwarded-For header for the client requests which already have it ?? Looking at the script my understanding is it would check if X-Forwarded-For header exists but cannot understand the replace and insert statements of the script. Can you please shed some light on it. -MSK

X-Forwarded-For header

Hi All, My application team requirement is to able to see the actual client ip address whoever accessing the application instead of BIG IP address as SNAT (Auto map) is enabled. I have read some SOL on it and understand that we can achieve this by iRule & HTTP profile. However, my requirement is to have an iRule as we can take decision whether to add X-Forwarded-For header to client requests. Can anyone please share the iRule script pertaining to this requirement. Thanks in advance, MSK

Vitaliy_Savrans
Nacreous
Mar 24, 2016
Hi, if you want to add X-Forwarded-For header you can use:

when HTTP_REQUEST { HTTP::header replace X-Forwarded-For [IP::client_addr] }
- MSK_222682
  Nimbostratus
  Mar 24, 2016
  Hi Vitaliy, Thanks for the quick response. Will this iRule insert X-Forwarded-For header for the client requests which already have it, which shouldn't be the case as per my requirement. -MSK
- Vitaliy_Savrans
  Nacreous
  Mar 24, 2016
  This irule will insert the header if it wasn't present or replace the value.
Yann_Desmarest
Cirrus
Mar 24, 2016
Hello,

You can use the following :

when HTTP_REQUEST { if {[HTTP::header exists X-Forwarded-For]}{ HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]" } else { HTTP::header insert X-Forwarded-For [IP::client_addr] } }
- MSK_222682
  Nimbostratus
  Mar 24, 2016
  Hi Yann, Thanks for the quick response. Will this iRule insert X-Forwarded-For header for the client requests which already have it ?? Looking at the script my understanding is it would check if X-Forwarded-For header exists but cannot understand the replace and insert statements of the script. Can you please shed some light on it. -MSK
- Yann_Desmarest
  Cirrus
  Mar 24, 2016
  Hello, The irule provided add the client ip to an existing X- header otherwise, it will add a new one with the clientip. Insert allow you to add a new header. Replace add a new header if there is no existing header with the same name, otherwise it changes the value of an existing x- header
- Vitaliy_Savrans
  Nacreous
  Mar 24, 2016
  about statements https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx
Yann_Desmarest_
Nacreous
Mar 24, 2016
Hello,

You can use the following :

when HTTP_REQUEST { if {[HTTP::header exists X-Forwarded-For]}{ HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]" } else { HTTP::header insert X-Forwarded-For [IP::client_addr] } }
- MSK_222682
  Nimbostratus
  Mar 24, 2016
  Hi Yann, Thanks for the quick response. Will this iRule insert X-Forwarded-For header for the client requests which already have it ?? Looking at the script my understanding is it would check if X-Forwarded-For header exists but cannot understand the replace and insert statements of the script. Can you please shed some light on it. -MSK
- Yann_Desmarest_
  Nacreous
  Mar 24, 2016
  Hello, The irule provided add the client ip to an existing X- header otherwise, it will add a new one with the clientip. Insert allow you to add a new header. Replace add a new header if there is no existing header with the same name, otherwise it changes the value of an existing x- header
- Vitaliy_Savrans
  Nacreous
  Mar 24, 2016
  about statements https://clouddocs.f5.com/api/irules/HTTP__header.html

Forum Discussion

X-Forwarded-For header

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

TCP Option 28 X-Forwarded-For Header

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

X Forwarded For Single Header Insert

Extracting X-Forwarded-For in Node.js

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS