Forum Discussion
Jean_Mamène
Cirrus
CirrusX-Forwarded-Proto on policy
Hi,
I have a vhost with a policy proxypass to redirect the HOST dns on the pool with somes different option.
I want to add X-Forwarded-Proto option in the policy but after somes try I couldn't get it to work.
"3. Insert HTTP Header named 'X-Forwarded-Proto' with value 'https' at response time." don't work
Please, somes ideas ?
Regards
- Paulius
MVP
Jean_Mamène This should be what you're looking for.
Jean_MamèneHi,
It's for an http profile. I need to set this on policy.
Regards- Paulius
Jean_Mamène That is correct and it is the easiest and least complex way of configuring this. Any particular reason this cannot be done in an HTTP profile? I don't believe this can be done properly through a policy and would have to be done in an iRule and applied to the 443 virtual server only.
when HTTP_REQUEST priority 500 { HTTP::header insert "X-Forwarded-Proto" "https" }
- Jean_Mamène
I can add a specific irule, but I need to match host condition to add xfp.
Because I have one vhost with a proxyass with more 100+ host on.- Paulius
Jean_Mamène If you need a specific host header value to be matched and it's a long list you can create a data-group then in that data-group you add an entry for each host value and then perform a match in your iRule and the action to take would be to add in the XFP header similar to the following.
when HTTP_REQUEST priority 500 { if { [class match --value [HTTP::host] == CLASS-XFP-HOSTS] } { HTTP::header insert "X-Forwarded-Proto" "https" } }The following is an example of the data-group that you can import quickly through the cli using the "load sys config from-terminal merge" command and then pasting in the data-group. You would only have to adjust the host names in the data-group to your list before pasting it into the CLI.
ltm data-group internal CLASS-XFP-HOSTS { records { www1.example.com { } www2.example.com { } www3.example.com { } } type string }
