
Not able to see HTTP request and HTTP header in floating IP to server communication

kunal_borkar_52
Nimbostratus

Hi Team,

 

I have created a lab setup on VMware for LTM. I want to configure client IP insertion in the HTTP header, but when I take a tcpdump on the LTM I am not able to see any HTTP request from the floating IP to the server; all requests show as TCP, so I am not able to see any HTTP header. Hence I am not able to confirm whether the client IP is getting inserted in the HTTP header. Please find the config below and the attached capture file.

 

 

profile http web_1 {
   defaults from http
   oneconnect transformations enable
   header insert none
   header erase none
   fallback none
   response selective chunk
   lws width 80
   lws separator none
   redirect rewrite none
   max header size 32768
   max requests 0
   pipelining enable
   insert xforwarded for enable
   fallback status none
   response headers allowed none
   encrypt cookies none
}
node 10.1.1.25 {}
pool Web_1 {
   monitor all tcp
   members {
      10.1.1.25:hosts2-ns {}
      10.1.1.25:xfer {}
   }
}
snatpool web_1 {
   members 10.1.1.15
}
rule Client_ip {
   when HTTP_REQUEST {
      HTTP::header insert X-Forwarded-For [IP::remote_addr]
   }
}
rule My_rule {
   when HTTP_REQUEST {
      if {not [HTTP::header exists "X-Forwarded-For"]} {
         HTTP::header insert X-Forwarded-For [IP::client_addr]
      }
   }
}
rule Web_1 {
   when HTTP_REQUEST {
      if { [HTTP::uri] equals "/" } {
         HTTP::redirect "http://10.1.1.30/joomla/"
      }
   }
}
traffic class ANY {
   classification tag "Any"
   src mask none
   dst mask none
}
virtual Web_1 {
   snat automap
   pool Web_1
   destination 10.1.1.30:http
   ip protocol tcp
   rules {
      Web_1
      My_rule
   }
   profiles {
      http {}
      tcp {}
   }
}

 

Please revert with your observation.

 

Regards..Kunal

 

 

 

3 REPLIES

What_Lies_Bene1
Cirrostratus

Kunal, if your HTTP Profile is configured to insert the XFF header, there's no need for an iRule to do the same thing.

 

 

Regarding the tcpdump, are you specifying the correct real server-side interface? Also, what are you using to decode the dump? The port isn't the standard HTTP port of 80 so you might need to specifically specify 'decode as HTTP'.

 

nitass
F5 Employee
e.g.

 

 

[root@ve10:Active] config b virtual Web_1 list
virtual Web_1 {
   snat automap
   pool Web_1
   destination 172.28.19.79:80
   ip protocol 6
   rules {
      Web_1
      My_rule
   }
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config b pool Web_1 list
pool Web_1 {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config b rule Web_1 list
rule Web_1 {
   when HTTP_REQUEST {
      if { [HTTP::uri] equals "/" } {
         HTTP::redirect "http://10.1.1.30/joomla/"
      }
   }
}
[root@ve10:Active] config b rule My_rule list
rule My_rule {
   when HTTP_REQUEST {
      if {not [HTTP::header exists "X-Forwarded-For"]} {
         HTTP::header insert X-Forwarded-For [IP::client_addr]
      }
   }
}

[root@ve10:Active] config ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.19.251(49526) <-> 172.28.19.79(80)
1349253665.2904 (0.0013) C>S
---------------------------------------------------------------
HEAD /something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*
---------------------------------------------------------------
New TCP connection 2: 200.200.200.10(49526) <-> 200.200.200.101(80)
1349253665.2931 (0.0009) C>S
---------------------------------------------------------------
HEAD /something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*
X-Forwarded-For: 172.28.19.251
---------------------------------------------------------------

kunal_borkar_52
Nimbostratus
By decoding the tcpdump as HTTP I am able to see the client IP in the capture. Also, by using the "ssldump -Aed -nni 0.0 port 80 or port 81 or port 82" command I am able to see the client IP in the HTTP header.

 

 

Thanks for the update.

 

 

Regards..Kunal
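
The check done by eye in the ssldump output in this thread, as an added example that is not part of any post here: a Python script that finds HTTP requests by their request line rather than by port, and compares the X-Forwarded-For value seen on the server side with the real client address. The capture text, the virtual server address, the client addresses and the helper names are constructed for illustration (10.1.1.15 and 10.1.1.25 mirror the SNAT address and node in the posted config); the third exchange models a client that already sent the header, which the posted My_rule leaves in place because it only inserts when the header is absent.

```python
import re

CONN = re.compile(r"New TCP connection #?\d+: (\S+)\((\d+)\) <-> (\S+)\((\d+)\)")
REQ = re.compile(r"(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/1\.[01]$")

def parse_requests(text):
    """One dict per HTTP request in `ssldump -A` style text, whatever the port.
    Assumption: a request belongs to the most recently announced connection."""
    out, conn, cur = [], None, None
    for line in map(str.strip, text.splitlines()):
        if m := CONN.match(line):
            conn, cur = {"src": m[1], "dst": m[3], "dport": int(m[4])}, None
        elif conn and (m := REQ.match(line)):
            cur = dict(conn, key=(m[1], m[2]), xff=[])  # key = (method, URI)
            out.append(cur)
        elif not line or line.startswith("---"):
            cur = None  # blank line or separator ends the header block
        elif cur is not None and line.lower().startswith("x-forwarded-for:"):
            cur["xff"].append(line.split(":", 1)[1].strip())
    return out

def audit(text, virtual_ip):
    """Compare XFF on each server-side request with the paired client's address."""
    pending, findings = [], []
    for r in parse_requests(text):
        if r["dst"] == virtual_ip:  # client -> virtual server leg
            pending.append(r)
            continue
        # Pair with the oldest unmatched client-side request (same method and URI).
        client = next((c for c in pending if c["key"] == r["key"]), None)
        if client:  # server-side legs with no client leg (monitors) are skipped
            pending.remove(client)
            verdict = ("missing" if not r["xff"] else
                       "ok" if r["xff"] == [client["src"]] else "mismatch")
            findings.append((r["dport"], client["src"], r["xff"], verdict))
    return findings

# Constructed capture: documentation-range clients, made-up virtual server address.
VIP, BAR, SENT = "198.51.100.30", "-" * 63, "X-Forwarded-For: 203.0.113.99"
def leg(src, dst, port, uri, hdrs):
    lines = [f"New TCP connection #1: {src}(40000) <-> {dst}({port})", "1.0 (0.001)  C>S",
             BAR, f"GET {uri} HTTP/1.1", f"Host: {VIP}", *hdrs, "", BAR]
    return "\n".join(lines) + "\n"
def exchange(client, uri, port, sent, seen):  # client-side leg, then server-side leg
    return leg(client, VIP, 80, uri, sent) + leg("10.1.1.15", "10.1.1.25", port, uri, seen)

SAMPLE = (exchange("192.0.2.7", "/a", 81, [], ["X-Forwarded-For: 192.0.2.7"])
          + exchange("192.0.2.8", "/b", 82, [], [])
          + exchange("192.0.2.9", "/c", 81, [SENT], [SENT]))
```

Calling `audit(SAMPLE, VIP)` returns one tuple per server-side request: pool member port, real client address, the X-Forwarded-For values seen, and a verdict of `ok`, `missing` or `mismatch`.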