Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Pass TAG from one Virtual Server to another

prashanth
Nimbostratus
Nimbostratus

Hi There,

I have two virtual servers on the same IP address listening on port 8080 and 9090. 9090 VS there is a iRule redirection towards 8080 URL.

Currently there is a requirement to add X-Forwarded-Port hence the backend servers will be able to see the request is initiated towards which port.

There is X-Forwarded header cleanup configured as per the standard.

 

 

Since there is this cleanup though I add the X-Forwarded-Prot in 9090 VS it will be overwritten on 8080.

Is there any way I can add TAG while redirection from one VS to another, hence in the 8080 VS I can match the TAG and avoid the TAG being replaced.

 

Thanks in Advance

Prashanth

4 REPLIES 4

Understanding your requirement.

​1. VS9090 redirects to VS8080

2. In VS9090 you are removing all X- headers.

3. But you want VS8080 to also know to which port the actual traffic came in, whether 8080 or 9090, hence your looking for the header X-F-Port.

Well, you are removing X headers but you also want port header. Can you share your existing irule, unless you insert port header info back again, I don't think you can get this information on other virtual.

prashanth
Nimbostratus
Nimbostratus

Yes your understanding on redirection is correct.

Below is the iRule on VS8080

when HTTP_REQUEST {
 
	# Remove untrusted HTTP X-Forwarded header
	#
 
	#  X-Forwarded headers clean-up
	#
	HTTP::header remove X-Forwarded-For
	HTTP::header remove X-Forwarded-Host
	HTTP::header remove X-Forwarded-Port
	HTTP::header remove X-Forwarded-Proto
	HTTP::header remove X-Real-IP
 
	# Set our own X-Forwarded and X-Real-IP headers
 
	# X-FORWARDED-FOR and X-REAL-IP
	#
	HTTP::header insert X-Forwarded-For [IP::client_addr]
	HTTP::header insert X-Real-IP [IP::client_addr]
 
	# X-FORWARDED-PORT
	#
	HTTP::header insert X-Forwarded-Port [TCP::local_port]
 
}

As you can see we are clearing the XF header and adding the new header to avoid any clients trying to connect already with the XF header.

Though I set a header on VS9090 before redirecting to VS8080 it will be removed by the iRule on VS8080.

Hope this clarifies.

Actually it's not removed by your VS8080​, I think it doesn't get passed to VS8080 in first place.

The way how VS9090 redirects is through 302. When you use http2https redirect irule, it uses HTTP::REDIRECT method on the HTTP_REQUEST event. You cant pass headers. Well you could still try going with HTTP::RESPOND method with a 302 with Location header. But still it wouldn't work.

When a 302 comes back to client, the browser takes the Location header information and passes it a new Get request, thus your headers even if you had passed with HTTP::RESPOND would still get dropped in the new Get request which goes to the new VS8080.

The only way I can think of is, to pass your header info along with the value of Location ​header. And once the traffic reaches the VS8080, you would inspect the inbound request and filter it out accordingly.

Hope you got the idea. See if it helps.

Mable
Nimbostratus
Nimbostratus

Hii prashanth,

hanks for the step by step answer. Works like a charm! KrogerFeed