Forum Discussion

sgoodliff_83611's avatar
sgoodliff_83611
Icon for Nimbostratus rankNimbostratus
Nov 22, 2007

X-Forwarded-For

    Hello,     I've been trying to extract the X-forwarded-For variable with a irule. But when I do something like this.     when HTTP_REQUEST {   set headers [HTTP::header names...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Nov 23, 2007
Hi Steve,

What version are you running? There is an issue in versions prior to 9.4.x where you can't get the value for anything but the first header when the request or response has multiple headers with the same name.

http://devcentral.f5.com/wiki/default.aspx/iRules/http__header (Click here)

HTTP::header values

* Returns value(s) of the HTTP header named . Note that the command will return the values all of the headers if there are multiple headers with the same name. If there is a single value for the HTTP header, that value will be returned.

* (This subcommand was added in v9.4.0)

HTTP::header names

* Returns a list of all the headers present in the request or response.

* In v9.4.0 and higher, multiple headers with the same name will be listed multiple times.

So if you're running 9.4.0 or higher, you could use:


when HTTP_REQUEST {
   log local0. "X-Forwarded-For: [HTTP::header values {X-Forwarded-For}]"
}

Another thing to try would be to verify that the XFF header with the original client IP is actually in the request coming from the proxy server. You could run a tcpdump to check this:

tcpdump -ni 0.0 -Xs0 host PROXY_SERVER_IP

Aaron