For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jean_Mamène's avatar
Jean_Mamène
Icon for Cirrus rankCirrus
Apr 28, 2023

X-Forwarded-Proto on policy

Hi, I have a vhost with a policy proxypass to redirect the HOST dns on the pool with somes different option. I want to add X-Forwarded-Proto option in the policy but after somes try I couldn't get ...
application delivery
Jean_Mamène's avatar
Jean_Mamène
Icon for Cirrus rankCirrus
May 03, 2023

I can add a specific irule, but I need to match host condition to add xfp.
Because I have one vhost with a proxyass with more 100+ host on.

  • Paulius's avatar
    Paulius
    Icon for MVP rankMVP
    May 03, 2023

    Jean_Mamène If you need a specific host header value to be matched and it's a long list you can create a data-group then in that data-group you add an entry for each host value and then perform a match in your iRule and the action to take would be to add in the XFP header similar to the following.

    when HTTP_REQUEST priority 500 {

    if { [class match --value [HTTP::host] == CLASS-XFP-HOSTS] } {
        HTTP::header insert "X-Forwarded-Proto" "https"
    }

}

    The following is an example of the data-group that you can import quickly through the cli using the "load sys config from-terminal merge" command and then pasting in the data-group. You would only have to adjust the host names in the data-group to your list before pasting it into the CLI.

    ltm data-group internal CLASS-XFP-HOSTS {
    records {
        www1.example.com { }
        www2.example.com { }
        www3.example.com { }
    }
    type string
}