Forum Discussion
Joe_Fontes_4518
Nimbostratus
Oct 16, 2006
X-Forwarded-For iRule
To start I am very new to F5 products and thus know nothing about iRules. The only thing I know is what I need one to do.
I have enabled the X-Forwarded-For option for the sites and they are logging correctly. The issue I am having is that I get the client address when the requests come through the LB, but is there any way to create an iRule that swaps out the actual host instead of needing the X-Forwarded-For?
The reason I ask is that we have some traffic that goes directly to the site's IP address and thus does not set that variable. So right now I can either log traffic going directly to the machine OR traffic coming from the LB, not both. This is really starting to mess with our stats reporting.
Any ideas?
5 Replies
- hoolio
Cirrostratus
The reason you would only see the BIG-IP's self IP or SNAT address as the source is if you have SNAT enabled on the VIP. Typically this is done in a network where the nodes aren't configured with the BIG-IP as their default gateway.
If you were able to either set the default gateway on the nodes to the BIG-IP or configure routing that guaranteed all responses to clients that made requests through the BIG-IP would be sent back through the BIG-IP you could disable the SNAT and preserve the original client IP address.
If changing the routing isn't an option then you would need to use a SNAT and insert the original client IP address in the XFF header.
Dev posted a DLL that you can install on IIS servers to parse the XFF header if it's present and log the value as the c-IP.
Note: "If no X-Forwarded-For header is passed in, then no filtering takes place and the passed in client ip will be used."
So I would expect this should work for you regardless of whether the client is going through the BIG-IP or not.
Aaron
http://devcentral.f5.com/Default.aspx?tabid=38
Author: Joe Pruitt
Date Uploaded: 9/20/2005 12:22:32 AM
File Description:
This IIS ISAPI filter will look for the X-Forwarded-For header in the HTTP request and, if it finds one, it will replace the c-ip (client ip) in the W3SVC log traces with the value of the X-Forwarded-For header.
This is useful when servers are sitting behind a VIP and have no view on the true client IP address. BIG-IP has the ability to add the client ip as the X-Forwarded-For header and when that is done, this filter will replace the internal address of the BIG-IP with the true client address (or at least what is presented on the client side of the connection to the BIG-IP). If no X-Forwarded-For header is passed in, then no filtering takes place and the passed in client ip will be used.
To install: Simply add this filter to your IIS Web Site in the IIS admin utility.
- Joe_Fontes_4518
Nimbostratus
Thank you for the response and, as suggested, changing the default route is not an option.
I had found that dll you referred to during a search of the forums although we are running Apache web servers.
I thought this might be easier to find a solution on the F5 side rather than looking for a solution to 100+ machines. I will look around for an apache solution and post up what I find but if anyone has any suggestions.....
- If all you want to do is modify the host header (that's what I'm reading from the first message in the thread), then you can use the HTTP::host command to modify that value.
when HTTP_REQUEST { HTTP::host "newhostname" }
You'll just have to make sure that your web servers are configured to serve up traffic for requests.
If I read the question wrong, then please disregard...
-Joe
- JRahm
Admin
It was my understanding that HTTP::host can only be returned, not set. Is this not correct? I get an error when I try that syntax.
- I stand corrected. I'm not sure why that is read-only but the workaround is to do a HTTP::header replace command on the Host header.
when HTTP_REQUEST { HTTP::header replace "Host" "newhostname" }
That one should work...
-Joe
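For the Apache servers mentioned in the thread, one way to get a single client-address column for both traffic paths is to pick the log format according to where the connection came from. This is an added example, not code from the thread or from F5; 192.0.2.10 is a placeholder for the BIG-IP self IP or SNAT address, and the variable name, format nicknames and log path are assumptions.

```apache
# Added example. 192.0.2.10 is a placeholder for the BIG-IP self IP / SNAT
# address that the web server sees as the TCP peer; add one SetEnvIf line
# per such address.
# Mark requests whose peer is the BIG-IP. Only those carry an
# X-Forwarded-For value that the BIG-IP itself inserted.
SetEnvIf Remote_Addr "^192\.0\.2\.10$" from_bigip

# Same fields in both formats; only the first column differs.
LogFormat "%h %l %u %t \"%r\" %>s %b" direct
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" via_bigip

# Direct hits: log the socket peer and ignore any X-Forwarded-For header,
# because a client that connects directly can put any value in it.
CustomLog logs/access_log direct env=!from_bigip

# Hits through the BIG-IP: log the header value instead of the SNAT address.
# A request from the BIG-IP that lacks the header is logged as "-".
CustomLog logs/access_log via_bigip env=from_bigip
```

Keying the choice on the peer address rather than on the mere presence of the header keeps a directly connected client from writing an arbitrary address into the stats.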