Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Insert x-forwarded-proto and x-forwarded-port - Is this the correct way to do it?

Sean_McGirk_859
Nimbostratus
Nimbostratus

‎07-Aug-2015 14:45

One of my application owners approached me with the need to insert both x-forwarded-proto and x-forwarded-port. I have this iRule ready but am looking for some feedback on the syntax. Will this insert both? Thanks!

 

when HTTP_REQUEST { if {([TCP::local_port] ==443) and !( [HTTP::header "X-Forwarded-Proto"] eq "https") }{

 

HTTP::header insert X-Forwarded-Proto "https" }elseif {([TCP::local_port] ==443) and !( [HTTP::header "X-Forwarded-Port"] eq "443") }{

 

HTTP::header insert X-Forwarded-Port "443" }

 

}

 

Labels:
0 Kudos
5 REPLIES 5

Mohamed_Lrhazi
Altocumulus
Altocumulus

‎07-Aug-2015 16:09

Why are you testing for the port? That not known in advance? and why does it matter ? why are you testing for the header presence? who would have inserted it? Just curious!

 

https://devcentral.f5.com/wiki/irules.HTTP__header.ashx

 

0 Kudos

Stanislas_Piro2
Cumulonimbus
Cumulonimbus

‎10-Aug-2015 01:06

Hi,

 

In your irule, you add only one header, X-Forwarded-Proto or X-Forwarded-Port (else if statement).

 

Evaluate port 443 is not the best way to test if protocol is HTTPS. Evaluate SSL::mode instead.

 

Try the following irule.

 

when HTTP_REQUEST { if { [SSL::mode] == 1 } { if {!( [HTTP::header "X-Forwarded-Proto"] eq "https") }{ HTTP::header insert X-Forwarded-Proto "https" } if { !( [HTTP::header exists "X-Forwarded-Port"]) }{ HTTP::header insert X-Forwarded-Port [TCP::local_port] } }
0 Kudos

prvndeshmukh25
Nimbostratus
Nimbostratus
In response to Stanislas_Piro2

‎10-Mar-2023 06:28

Getting an error about 

01070151:3: Rule [/Common/x-Forwarded-Proto] error: /Common/x-Forwarded-Proto:2: error: [undefined procedure: ssl::mode][ssl::mode]

0 Kudos

PSFletchTheTek
MVP
MVP
In response to prvndeshmukh25

‎10-Mar-2023 07:17

Are you decrypting on the way in?
So you have a client ssl profile set? and more importantly the f5 can see the request coming in so it can add the header? To me its trying at add the header but ssl/encryption is in the way.

0 Kudos

prvndeshmukh25
Nimbostratus
Nimbostratus
In response to PSFletchTheTek

‎10-Mar-2023 07:44

Actaully instead of client ssl, trying iRule configuration as per script given above but getting an error which shared earlier..

0 Kudos
Copyright © 2023 Khoros, LLC