How can I remove an X-Forwarded-For header from a malformed http datagram?

Wasfi_Bounni · ‎12-May-2021

Hi;

I have a device "before the F5" that inserts an X-Forwarded-For (XFF) header into a http datagram. The datagram is originated from a user's browser set to point explicitly at a proxy, thus all TLS data will be encapsulated in a http datagram destined to port 8080. There is no issue for the initial "CONNECT" method datagram at all.

The issue is when this device inserts the XFF header in the subsequent client hello. The XFF header is inserted right at the end of the datagram, the F5 load balances it to the proxy and the proxy drops it as it cannot understand it.

My question is: how can I remove this XFF header to restore the original client hello into its original form.

Kindly

Wasfi

Nikoolayy1 · ‎12-May-2021

Why don't you try "HTTP::header remove <name>"?

https://clouddocs.f5.com/api/irules/HTTP__header.html

Still you may also look at /var/log/ltm and disable the "Enforcement" option in the http profile:

https://support.f5.com/csp/article/K40243113

Also just in case check the error message in the bug tracker:

https://support.f5.com/csp/bug-tracker?sf189923893=1

View solution in original post

Nikoolayy1 · ‎12-May-2021