X-Forwarded-For problem?

Question

Hi    
        
    I have a iRules as follow:    
        
    when HTTP_REQUEST {    
      if { [HTTP::header exists "X-Forwarded-For"] } {    
        set xForwardedNum [HTTP::header count "X-Forwarded-For"]    
        log local0. "Removing - X-Forwarded-For: $xForwardedNum"    
        if { $xForwardedNum &gt; 0 } {    
          if attack X-ForwardNum greater than 0, remove and reinsert X-Forwarded-For.    
          log local0. "Removing and Reinsert - X-Forwarded-For."    
          HTTP::header remove "X-Forwarded-For"    
          HTTP::header insert "X-Forwarded-For" [IP::client_addr]    
        }    
      }    
    }

Then I had did enable "Insert XForwarded For" in http profile. I can get log as follow:    
    Dec 26 11:06:22 tmm tmm[1143]: Rule iRules_secret_snat : Removing - X-Forwarded-For: 0    
        
    However, I have do insert "X-Forwarded-For" by "Request Builder"(A tool can add header in client request). Then I can get log as follow:    
    Dec 26 11:06:08 tmm tmm[1143]: Rule iRules_secret_snat : Removing - X-Forwarded-For: 2    
        
    Why [HTTP::header count "X-Forwarded-For"] is zero when enable "Insert XForwarded For" in http profile? 
  
 Then I modified iRules as follow: 
  
 when HTTP_REQUEST { 
   HTTP::header insert "X-Forwarded-For" [IP::client_addr] 
   if { [HTTP::header exists "X-Forwarded-For"] } { 
     set xForwardedNum [HTTP::header count "X-Forwarded-For"] 
     set xForwardedValue [HTTP::header value "X-Forwarded-For"] 
     log local0. "Removing - X-Forwarded-For: $xForwardedNum $xForwardedValue." 
     if { $xForwardedNum &gt; 0 } { 
       if attack X-ForwardNum greater than 0, remove and reinsert X-Forwarded-For. 
       log local0. "Removing and Reinsert - X-Forwarded-For." 
       HTTP::header remove "X-Forwarded-For" 
       HTTP::header insert "X-Forwarded-For" [IP::client_addr] 
     } 
   } 
 }

I can get log as follow: 
 Dec 26 11:36:57 tmm tmm[1143]: Rule iRules_secret_snat : Removing - X-Forwarded-For: 0 10.10.100.13.

hoolio · Answer

Oddly enough, HTTP::header count "header-name" starts counting at 0.  So you can't tell just from using HTTP::header count "X-Forwarded-For" whether there is no header or one header.  I'd call this a bug.  If you'd like F5 to address this, you could open a case with F5 Support. 
&nbsp;  
&nbsp; A simple workaround would be to set the HTTP profile to remove the X-Forwarded-For header in the 'Request Header Erase' field.  You could then enable the 'Insert XForwarded For' option in the profile and avoid using an iRule altogether.  The header to erase option is handled before the insert.  So any existing XFF headers would be removed and then LTM would insert a new XFF header with the client IP address it received. 
&nbsp;  
&nbsp; Aaron

hoolio · Answer

F5 created CR114612 to track this bug where HTTP::header count returns one less than the actual number of headers.  You can check with F5 Support or the release notes for status on this CR. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

X-Forwarded-For problem?

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

Extracting X-Forwarded-For in Node.js

X-Forwarded-For Log Filter for Windows Servers

X Forwarded For Single Header Insert

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

X-Forwarded-For not working

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS