cancel
Showing results for 
Search instead for 
Did you mean: 

How can I remove an X-Forwarded-For header from a malformed http datagram?

Wasfi_Bounni
Cirrostratus
Cirrostratus

Hi;

 

I have a device "before the F5" that inserts an X-Forwarded-For (XFF) header into a http datagram. The datagram is originated from a user's browser set to point explicitly at a proxy, thus all TLS data will be encapsulated in a http datagram destined to port 8080. There is no issue for the initial "CONNECT" method datagram at all.

 

The issue is when this device inserts the XFF header in the subsequent client hello. The XFF header is inserted right at the end of the datagram, the F5 load balances it to the proxy and the proxy drops it as it cannot understand it.

 

My question is: how can I remove this XFF header to restore the original client hello into its original form.

 

Kindly

Wasfi

 

 

 

 

1 ACCEPTED SOLUTION

Why don't you try "HTTP::header remove <name>"?

 

https://clouddocs.f5.com/api/irules/HTTP__header.html

 

 

 

Still you may also look at /var/log/ltm and disable the "Enforcement" option in the http profile:

 

https://support.f5.com/csp/article/K40243113

 

 

 

 

Also just in case check the error message in the bug tracker:

 

https://support.f5.com/csp/bug-tracker?sf189923893=1

View solution in original post

1 REPLY 1

Why don't you try "HTTP::header remove <name>"?

 

https://clouddocs.f5.com/api/irules/HTTP__header.html

 

 

 

Still you may also look at /var/log/ltm and disable the "Enforcement" option in the http profile:

 

https://support.f5.com/csp/article/K40243113

 

 

 

 

Also just in case check the error message in the bug tracker:

 

https://support.f5.com/csp/bug-tracker?sf189923893=1