Hi Doran,
you could streamline your iRule by moving the protocol enumeration into the
CLIENT_ACCEPTED
event (triggered only once every TCP connection), store the enumeration result into a
$variable
and then reference the
$variable
on every subsequent
HTTP_REQUEST
event. This approach will greatly reduce the overhead for Keep-Alive-Connections.
when CLIENT_ACCEPTED {
if { [PROFILE::exists clientssl] } then {
set client_protocol "https"
} else {
set client_protocol "http"
}
}
when HTTP_REQUEST {
HTTP::header remove "X-Forwarded-Proto"
HTTP::header insert "X-Forwarded-Proto" $client_protocol
HTTP::header remove "X-Forwarded-Port"
HTTP::header insert "X-Forwarded-Port" [TCP::local_port]
}
Note: In addition you should review your application if it would introduce certain risks if the client sends handcrafted X-Forwarded-Proto and X-Forwarded-Port headers to your application. If this scenario introduce some risks or if you can figure out the assosiated risks, then make sure to [HTTP::header remove]
any existing X-Forwarded-Proto
and X-Forwarded-Port
headers before [HTTP::header insert]
your verified values...
Cheers, Kai