Forum Discussion

asayer_6572's avatar
asayer_6572
Icon for Nimbostratus rankNimbostratus
May 19, 2008

XForwarded with https?

Hi guys,   sorry if this is a noob question but I am trying to pass the client IP address to the back end web server over https.   I have setup client-side SSL termination and server-side...
application delivery
dev
devops
iRules
asayer_6572's avatar
asayer_6572
Icon for Nimbostratus rankNimbostratus
May 20, 2008
Thanks for the responses.

I agree it should be pretty simple however I thought I was stupid when it didnt work.

I took a look at /var/log/ltm and didnt see anything that pointed me to what the problem was.

I have also created a service request with F5

Here is the relevent sections from the bigip.conf

(sorry my company is a bit funny about posting stuff to teh internet) 

  
  profile serverssl portaltest_server {  
     defaults from serverssl  
     cert "portaltest_server.crt"  
  }  
  profile serverssl authtest_server {  
     defaults from serverssl  
     cert "authtest_server.crt"  
  }  
  profile http http_xforward {  
     defaults from http  
     insert xforwarded for enable  
  }  
  profile http https_xforward {  
     defaults from http  
     redirect rewrite all  
     insert xforwarded for enable  
  }  
  node 192.168.222.237 {  
     screen linagwtest1  
  }  
  node 192.168.222.235 {  
     screen linidptest1  
  }  
  node 192.168.222.238 {  
     screen linagwtest2  
  }  
  node 192.168.222.236 {  
     screen linidptest2  
  }  
  pool NAM-authtest-https {  
     monitor all https  
     member 192.168.222.235:https session disable  
     member 192.168.222.236:https  
    
  pool NAM-portaltest-http {  
     member 192.168.222.237:http  
     member 192.168.222.238:http  
  }  
  pool NAM-portaltest-https {  
     monitor all https  
     member 192.168.222.237:https  
     member 192.168.222.238:https  
  pool NAM-authtest-http {  
     member 192.168.222.235:http  
     member 192.168.222.236:http  
  }  
  rule X-Forward-For {  
     when HTTP_REQUEST {        
  HTTP::header insert X-Forwarded-For [IP::remote_addr]        
  }  
  virtual DMZ-to-NAM-authtest {  
     destination 192.168.222.124:https  
     snat automap  
     ip protocol tcp  
     pool NAM-authtest-https  
  }  
  virtual DMZ-to-NAM-portaltest {  
     destination 192.168.222.123:https  
     snat automap  
     ip protocol tcp  
     profile authtest.worksafe.vic.gov.au http_xforward portaltest_server tcp  
     pool NAM-portaltest-https  
     rule X-Forward-For  
  }  
     virtual DMZ-to-NAM-authtest-redirect-to-https {  
     destination 192.168.222.124:http  
     snat automap  
     ip protocol tcp  
     profile https_rewrite tcp  
     rule http-redirect-to-https-portaltest.worksafe.vic.gov.au  
  }  
     virtual DMZ-to-NAM-portaltest-redirect-to-https {  
     destination 192.168.222.123:http  
     snat automap  
     ip protocol tcp  
     profile https_rewrite tcp  
     rule http-redirect-to-https-portaltest.worksafe.vic.gov.au_uri  
  }