Forum Discussion
x-forwarded-proto + F5 + Drupal issues
my client has setup F5 and doing ssl offloading. I'm using drupal application on linux RedHat.
network team has set the x-forwarded-proto header on F5 device.
I've added RequestHeader add X-Forwarded-Proto https in my httpd.conf file
and in settings.php (of drupal) i've added below
when a request is made using https:// to load balancer it is routing the request to app server and everything loads just fine, however if the request is just http:// to load balancer then my app server is converting all references to resources (images/ css/ scripts) as https://
when the request is handed over to app server, will it carry or expected to carry the x-forwarded-proto in headers received by app server?
I'm confused on what to do, where to fix.
- shaggyNimbostratus
Check to make sure they did not enable x-forwarded-for on the HTTP F5 virtual server that the application uses. If you enable HTTPS in drupal only when the x-forwarded-for header is set, then enabling x-forwarded-for on the http virtual server on the f5 (which is a normal thing to do) could cause undesirable application effects
Also, as I am unfamiliar with drupal, what does "$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'" do? the contents of a legitimate x-forwarded-for header will never contain the text "https"
if you just add the x-forwarded-proto header via an iRule then nothing more is added.
in general the F5 BIG-IP just passes traffic. you can have it add headers via iRule or for example the x-forwarded-for header via the HTTP profile. but that is config you do. the F5 BIG-IP isn't going to add headers itself without being told to do so.
- Hassan_Ali_1810Nimbostratus
thanks for the response. can you at least tell me what additional headers (when someone sends a http or https request) we should expect from F5 load balancer after adding the x-forwarded-proto as the irule?
not to be unkind but shouldn't you take this up with your network team? they changed something, have them check if what they did is correct. also read up on what is required on the apache / drupal side.
i would double check the header isn't by accident send / send incorrectly when you connect via http.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com