Forum Discussion
Joe_Fontes_4518
Nimbostratus
NimbostratusX-Forwarded-For iRule
To start I am very new to F5 products and thus know nothing about iRules. The only thing I know is what I need one to do.
I have enabled the X-Forwarded-For option for the sites and they are logging correctly. The issue I am having is that I get the client address when the requests come through the LB but is there any way to create an iRule that swaps out the actual host instead of needing the X-Forwarded-For?
The reason I ask is that we have some traffic that goes directly to the site's IP address and thus does not set that variable. So right now I can either log traffic going directly to the machine OR traffic coming from the LB not both. This is really starting to mess with our stats reporting.
Any ideas?
hooleylistCirrostratus
The reason you would only see the BIG-IP's self IP or SNAT address as the source is if you have SNAT enabled on the VIP. Typically this is done in a network where the nodes aren't configured with the BIG-IP as their default gateway.
If you were able to either set the default gateway on the nodes to the BIG-IP or configure routing that guaranteed all responses to clients that made requests through the BIG-IP would be sent back through the BIG-IP you could disable the SNAT and preserve the original client IP address.
If changing the routing isn't an option then you would need to use a SNAT and insert the original client IP address in the XFF header.
Dev posted a DLL that you can install on IIS servers to parse the XFF header if it's present and log the value as the c-IP.
Note: "If no X-Forwarded-For header is passed in, then no filtering takes place and the passed in client ip will be used."
So I would expect this should work for you regardless of whether the client is going through the BIG-IP or not.
Aaron
http://devcentral.f5.com/Default.aspx?tabid=38
Author: Joe Pruitt
Date Uploaded: 9/20/2005 12:22:32 AM
File Description:
This IIS ISAPI filter will look for the X-Forwarded-For header in the HTTP request and, if it finds one, it will replace the c-ip (client ip) in the W3SVC log traces with the value of the X-Forwarded-For header.
This is useful when servers are sitting behind a VIP and have no view on the true client IP address. BIG-IP has the ability to add the client ip as the X-Forwarded-For header and when that is done, this filter will replace the internal address of the BIG-IP with the true client address (or at least what is presented on the client side of the connection to the BIG-IP). If no X-Forwarded-For header is passed in, then no filtering takes place and the passed in client ip will be used.
To install: Simply add this filter to your IIS Web Site in the IIS admin utility.
Joe_Fontes_4518Thank you for the responce and as suggested, changing the default route is not an option.
I had found that dll you referred to during a search of the forums although we are running Apache web servers.
I thought this might be easier to find a solution on the F5 side rather than looking for a solution to 100+ machines. I will look around for an apache solution and post up what I find but if anyone has any suggestions.....- If all you want to do is modify the host header (that's what I'm reading from the first message in the thread), then you can use the HTTP::host command to modify that value.
when HTTP_REQUEST { HTTP::host "newhostname" }
You'll just have to make sure that your web servers are configured to serve up traffic for requests.
If I read the question wrong, the please disregard...
-Joe - JRahm
Admin
It was my understanding that HTTP::host can only be returned, not set. Is this not correct? I get an error when I try that syntax. - I stand corrected. I'm not sure why that is read-only but the workaround is to do a HTTP::header replace command on the Host header.
when HTTP_REQUEST { HTTP::header replace "Host" "newhostname" }
That one should work...
-Joe
