Forum Discussion

kunal_borkar_52
Oct 03, 2012

Not able to see HTTP request from and HTTP header in floating IP to server communication

Hi Team,

I have created a LAB setup on VMware for LTM. I want to configure client IP insertion in the HTTP header, but when I take a tcpdump on LTM I am not able to see any HTTP request from the floating IP to the server; all requests show as TCP, so I am not able to see any HTTP header. Hence I am not able to confirm whether the client IP is getting inserted in the HTTP header. Please find the config below and the attached capture file.

    profile http web_1 {
       defaults from http
       oneconnect transformations enable
       header insert none
       header erase none
       fallback none
       response selective chunk
       lws width 80
       lws separator none
       redirect rewrite none
       max header size 32768
       max requests 0
       pipelining enable
       insert xforwarded for enable
       fallback status none
       response headers allowed none
       encrypt cookies none
    }
    node 10.1.1.25 {}
    pool Web_1 {
       monitor all tcp
       members {
          10.1.1.25:hosts2-ns {}
          10.1.1.25:xfer {}
       }
    }
    snatpool web_1 {
       members 10.1.1.15
    }
    rule Client_ip {
       when HTTP_REQUEST {
          HTTP::header insert X-Forwarded-For [IP::remote_addr]
       }
    }
    rule My_rule {
       when HTTP_REQUEST {
          if {not [HTTP::header exists "X-Forwarded-For"]} {
             HTTP::header insert X-Forwarded-For [IP::client_addr]
          }
       }
    }
    rule Web_1 {
       when HTTP_REQUEST {
          if { [HTTP::uri] equals "/" } {
             HTTP::redirect "http://10.1.1.30/joomla/"
          }
       }
    }
    traffic class ANY {
       classification tag "Any"
       src mask none
       dst mask none
    }
    virtual Web_1 {
       snat automap
       pool Web_1
       destination 10.1.1.30:http
       ip protocol tcp
       rules {
          Web_1
          My_rule
       }
       profiles {
          http {}
          tcp {}
       }
    }

Please revert with your observation.

Regards..Kunal

3 Replies

  • Kunal, if your HTTP Profile is configured to insert the XFF header, there's no need for an iRule to do the same thing.

    Regarding the tcpdump, are you specifying the correct real server-side interface? Also, what are you using to decode the dump? The port isn't the standard HTTP port of 80 so you might need to specifically specify 'decode as HTTP'.

  • e.g.

    [root@ve10:Active] config  b virtual Web_1 list
    virtual Web_1 {
       snat automap
       pool Web_1
       destination 172.28.19.79:80
       ip protocol 6
       rules {
          Web_1
          My_rule
       }
       profiles {
          http {}
          tcp {}
       }
    }
    [root@ve10:Active] config  b pool Web_1 list
    pool Web_1 {
       members 200.200.200.101:80 {}
    }
    [root@ve10:Active] config  b rule Web_1 list
    rule Web_1 {
       when HTTP_REQUEST {
       if { [HTTP::uri] equals "/" } {
          HTTP::redirect "http://10.1.1.30/joomla/"
       }
    }
    }
    [root@ve10:Active] config  b rule My_rule list
    rule My_rule {
       when HTTP_REQUEST {
       if {not [HTTP::header exists "X-Forwarded-For"]} {
          HTTP::header insert X-Forwarded-For [IP::client_addr]
       }
    }
    }
    
    [root@ve10:Active] config  ssldump -Aed -nni 0.0 port 80
    New TCP connection 1: 172.28.19.251(49526) <-> 172.28.19.79(80)
    1349253665.2904 (0.0013)  C>S
    ---------------------------------------------------------------
    HEAD /something HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.79
    Accept: */*
    
    ---------------------------------------------------------------
    
    New TCP connection 2: 200.200.200.10(49526) <-> 200.200.200.101(80)
    1349253665.2931 (0.0009)  C>S
    ---------------------------------------------------------------
    HEAD /something HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.79
    Accept: */*
    X-Forwarded-For: 172.28.19.251
    
    ---------------------------------------------------------------
    
  • By decoding the TCP dump as HTTP I am able to see the client IP in the capture; also, by using the "ssldump -Aed -nni 0.0 port 80 or port 81 or port 82" command I am able to see the client IP in the HTTP header.

    Thanks for the update.

    Regards..Kunal
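
An added example, not part of the thread and not F5 code: a Python check over text in the format of the `ssldump -A` output quoted in the second reply. For each connection to a pool member it reports whether the request carries X-Forwarded-For and whether the value is a client address seen on the client side of the same capture. The function names, the `pool_members` parameter and the sample text are assumptions constructed for this example.

```python
import re

# Constructed sample, abridged from the ssldump -A format quoted in the thread.
SAMPLE = """\
New TCP connection 1: 172.28.19.251(49526) <-> 172.28.19.79(80)
1349253665.2904 (0.0013)  C>S
---------------------------------------------------------------
HEAD /something HTTP/1.1
Host: 172.28.19.79

---------------------------------------------------------------
New TCP connection 2: 200.200.200.10(49526) <-> 200.200.200.101(80)
1349253665.2931 (0.0009)  C>S
---------------------------------------------------------------
HEAD /something HTTP/1.1
Host: 172.28.19.79
X-Forwarded-For: 172.28.19.251

---------------------------------------------------------------
"""

CONN = re.compile(r"New TCP connection (\d+): (\S+)\(\d+\) <-> (\S+)\(\d+\)")
DIRN = re.compile(r"\d+\.\d+ \(\d+\.\d+\)\s+(C>S|S>C)")
HDR = re.compile(r"([A-Za-z0-9-]+):\s*(.*)")

def parse(dump):
    """Map connection id -> source, destination and request (C>S) headers."""
    conns, cur, direction = {}, None, None
    for line in map(str.strip, dump.splitlines()):
        if m := CONN.match(line):
            cur = conns.setdefault(int(m[1]), {"src": m[2], "dst": m[3], "headers": {}})
            direction = None
        elif m := DIRN.match(line):
            direction = m[1]
        elif cur and direction == "C>S" and (m := HDR.match(line)):
            cur["headers"].setdefault(m[1].lower(), []).append(m[2])
    return conns

# pool_members (hypothetical parameter): pool member addresses seen in the capture.
def check_xff(dump, pool_members):
    """Per server-side connection: 'ok', 'missing' or 'mismatch' for X-Forwarded-For."""
    conns = parse(dump)
    clients = {c["src"] for c in conns.values() if c["dst"] not in pool_members}
    report = {}
    for cid, c in conns.items():
        if c["dst"] in pool_members:  # only the BIG-IP -> pool member leg
            xff = c["headers"].get("x-forwarded-for", [])
            status = "ok" if set(xff) <= clients else "mismatch"
            report[cid] = status if xff else "missing"
    return report
```

Calling `check_xff(SAMPLE, {"200.200.200.101"})` returns `{2: "ok"}`. A `mismatch` result means the header reached the server with a value that is not one of the client addresses in the capture, which is worth a look because `My_rule` leaves an existing X-Forwarded-For header untouched.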