X Forwarded For Single Header Insert
Problem this snippet solves:
Many servers and applications expect only a single X-Forwarded-For header per request. However, the BIG-IP HTTP profile option appends a new X-Forwarded-For header to the existing set of HTTP headers, even if there is already an X-Forwarded-For header in the request. Both approaches are valid according to Section 4.2 of RFC 2616. F5 Networks Product Development is tracking a Request for Enhancement as CR107639 for BIG-IP to instead append the value to the last existing X-Forwarded-For header. For applications expecting a single X-Forwarded-For header, it is possible to use an iRule like this one instead of the HTTP profile option to append the client IP value to the end of any existing X-Forwarded-For header.
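Code:
when HTTP_REQUEST {
    if { [HTTP::header exists X-Forwarded-For] } {
        # Append the client IP to the last existing X-Forwarded-For header
        HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]"
    } else {
        # No X-Forwarded-For header present: insert one with the client IP
        HTTP::header insert X-Forwarded-For [IP::client_addr]
    }
}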
- Juraj (Cirrus)
The HTTP::header page says about HTTP::header replace [] the following:
 
Replaces the value of the last occurrence of the header named with the string . This command performs a header insertion if the header was not present. If there are multiple instances of the header, only the last instance is replaced.
 
 
Just wondering, wouldn't it be safer to remove all existing instances of X-Forwarded-For first, and then insert our own? That would make sure there's really only one instance of X-Forwarded-For passed to the back-end web application:
 
when HTTP_REQUEST {
    HTTP::header remove X-Forwarded-For
    HTTP::header insert X-Forwarded-For [IP::client_addr]
}
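
The HTTP profile option and the two iRules above, modelled in plain Python as an added example (not BIG-IP code and not written by the posters in this thread), to show what a back end receives when the client already sent several X-Forwarded-For headers. The request, addresses and function names are constructed, and the model assumes `HTTP::header X-Forwarded-For` reads the last instance, the same one `HTTP::header replace` is documented to rewrite.

```python
# Added model in plain Python (not BIG-IP code): headers are ordered (name, value) pairs.
XFF = "x-forwarded-for"

def xff_values(headers):
    return [v for n, v in headers if n.lower() == XFF]

def profile_append(headers, client_ip):
    """HTTP profile option: always add one more X-Forwarded-For header."""
    return headers + [("X-Forwarded-For", client_ip)]

def replace_last(headers, client_ip):
    """First iRule: extend the last instance only (assumed), else insert."""
    idx = [i for i, (n, _) in enumerate(headers) if n.lower() == XFF]
    if not idx:
        return headers + [("X-Forwarded-For", client_ip)]
    out = list(headers)
    out[idx[-1]] = (out[idx[-1]][0], f"{out[idx[-1]][1]}, {client_ip}")
    return out

def remove_then_insert(headers, client_ip):
    """Second iRule: drop every instance, then insert exactly one."""
    kept = [h for h in headers if h[0].lower() != XFF]
    return kept + [("X-Forwarded-For", client_ip)]

def leftmost_ip(headers):
    """Backend that trusts the first address of the first header."""
    return xff_values(headers)[0].split(",")[0].strip()

def rightmost_ip(headers):
    """Backend that trusts only the last address of the last header."""
    return xff_values(headers)[-1].split(",")[-1].strip()

# Constructed request: the client supplied two X-Forwarded-For headers itself.
REQUEST = [("Host", "app.example"),
           ("X-Forwarded-For", "203.0.113.7"),
           ("X-Forwarded-For", "198.51.100.9")]
CLIENT_IP = "192.0.2.44"  # constructed stand-in for [IP::client_addr]

def compare():
    """Map strategy name -> (XFF header count, leftmost IP, rightmost IP)."""
    rows = {}
    for fn in (profile_append, replace_last, remove_then_insert):
        out = fn(REQUEST, CLIENT_IP)
        rows[fn.__name__] = (len(xff_values(out)), leftmost_ip(out), rightmost_ip(out))
    return rows

if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:20} {row}")
```

In this model only remove-then-insert leaves a single header whose value was written entirely by the BIG-IP. The other two pass client-supplied values through, so a back end using them should read only the rightmost address.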
- ooo_226278 (Nimbostratus)
Thank you for a clean solution!