Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Proxy Protocol Initiator

Problem this snippet solves:

iRule Support for BIG-IP sending Proxy header to serverside pool member. (BIG-IP as Proxy Protocol Initiator)

Implements v1 of PROXY protocol at: http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt

How to use this snippet:

Add iRule to Virtual Server. Back-end server should accept Proxy header.

Code :

when CLIENT_ACCEPTED {
    set proxyheader "PROXY "
    if {[IP::version] eq 4} {
        append proxyheader "TCP4 "
    } else {
        append proxyheader "TCP6 "
    }
    append proxyheader "[IP::remote_addr] [IP::local_addr] [TCP::remote_port] [TCP::local_port]\r\n"
}

when SERVER_CONNECTED {
    TCP::respond $proxyheader
}

### Alternate Optimized Version ###
when CLIENT_ACCEPTED {
    set proxyheader "PROXY TCP[IP::version] [IP::remote_addr] [IP::local_addr] [TCP::remote_port] [TCP::local_port]\r\n"
}
 
when SERVER_CONNECTED {
    TCP::respond $proxyheader
}

Tested this on version:

11.6
Published Sep 02, 2015
Version 1.0

17 Comments

No CommentsBe the first to comment