07-Nov-2020 10:09
Hi There,
I have two virtual servers on the same IP address listening on ports 8080 and 9090. On the 9090 VS there is an iRule redirection towards the 8080 URL.
Currently there is a requirement to add X-Forwarded-Port so that the backend servers will be able to see which port the request was initiated towards.
There is X-Forwarded header cleanup configured as per the standard.
Since there is this cleanup, even though I add the X-Forwarded-Port in the 9090 VS, it will be overwritten on 8080.
Is there any way I can add a TAG while redirecting from one VS to another, so that in the 8080 VS I can match the TAG and avoid the TAG being replaced?
Thanks in Advance
Prashanth
07-Nov-2020 23:26
Understanding your requirement.
1. VS9090 redirects to VS8080
2. In VS9090 you are removing all X- headers.
3. But you want VS8080 to also know to which port the actual traffic came in, whether 8080 or 9090, hence you're looking for the header X-F-Port.
Well, you are removing X headers but you also want the port header. Can you share your existing iRule? Unless you insert the port header info back again, I don't think you can get this information on the other virtual.
08-Nov-2020 00:23 - last edited on 04-Jun-2023 21:12 by JimmyPackets
Yes your understanding on redirection is correct.
Below is the iRule on VS8080
when HTTP_REQUEST {
    # Remove untrusted HTTP X-Forwarded header
    #
    # X-Forwarded headers clean-up
    #
    HTTP::header remove X-Forwarded-For
    HTTP::header remove X-Forwarded-Host
    HTTP::header remove X-Forwarded-Port
    HTTP::header remove X-Forwarded-Proto
    HTTP::header remove X-Real-IP
    # Set our own X-Forwarded and X-Real-IP headers
    # X-FORWARDED-FOR and X-REAL-IP
    #
    HTTP::header insert X-Forwarded-For [IP::client_addr]
    HTTP::header insert X-Real-IP [IP::client_addr]
    # X-FORWARDED-PORT
    #
    HTTP::header insert X-Forwarded-Port [TCP::local_port]
}
As you can see we are clearing the XF header and adding the new header to avoid any clients trying to connect already with the XF header.
Though I set a header on VS9090 before redirecting to VS8080 it will be removed by the iRule on VS8080.
Hope this clarifies.
09-Nov-2020 09:38
Actually it's not removed by your VS8080, I think it doesn't get passed to VS8080 in the first place.
The way VS9090 redirects is through a 302. When you use an http2https redirect iRule, it uses the HTTP::redirect method on the HTTP_REQUEST event. You can't pass headers. Well, you could still try going with the HTTP::respond method with a 302 and a Location header. But it still wouldn't work.
When a 302 comes back to the client, the browser takes the Location header information and passes it in a new GET request, thus your headers, even if you had passed them with HTTP::respond, would still get dropped in the new GET request which goes to the new VS8080.
The only way I can think of is to pass your header info along with the value of the Location header. And once the traffic reaches VS8080, you would inspect the inbound request and filter it out accordingly.
Hope you got the idea. See if it helps.
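The approach suggested in the reply above (carry the original port in the Location URL and inspect it on VS8080), as an added example that is not part of the original thread. A query parameter is client-controlled, so the tag carries an HMAC that VS8080 checks before trusting it; the parameter name lbtag, the host app.example.com, the key value and the 60-second lifetime are assumptions.

```tcl
# ---- both iRules: shared secret (placeholder value, assumption) ----
when RULE_INIT {
    set static::tag_key "REPLACE_WITH_RANDOM_SECRET"
}

# ---- iRule on VS9090: redirect and append a signed tag ----
when HTTP_REQUEST {
    # MAC covers port, URI and issue time, so the tag cannot be forged
    # or moved to a different URL
    set ts [clock seconds]
    set mac [CRYPTO::sign -alg hmac-sha256 -key $static::tag_key "9090|[HTTP::uri]|$ts"]
    binary scan $mac H* mac_hex
    set sep "?"
    if { [HTTP::uri] contains "?" } { set sep "&" }
    # Fixed placeholder host: do not reflect the client's Host header
    HTTP::respond 302 Location "http://app.example.com:8080[HTTP::uri]${sep}lbtag=9090.$ts.$mac_hex"
}

# ---- iRule on VS8080: runs after the X-Forwarded clean-up shown in the thread ----
when HTTP_REQUEST {
    set port [TCP::local_port]          ;# default: the port actually hit
    set uri [HTTP::uri]
    set idx [string last "lbtag=" $uri]
    if { $idx > 0 } {
        # URI as VS9090 saw it (tag and its ?/& separator stripped)
        set orig [string range $uri 0 [expr {$idx - 2}]]
        set parts [split [string range $uri [expr {$idx + 6}] end] "."]
        if { [llength $parts] == 3 } {
            foreach {p ts mac_hex} $parts break
            set want [CRYPTO::sign -alg hmac-sha256 -key $static::tag_key "9090|$orig|$ts"]
            binary scan $want H* want_hex
            if { $p eq "9090" && [string is integer -strict $ts]
                 && [clock seconds] - $ts <= 60 && $mac_hex eq $want_hex } {
                set port 9090
                HTTP::uri $orig         ;# drop the tag before the pool sees it
            }
        }
    }
    # Replaces the plain [TCP::local_port] insert in the original iRule
    HTTP::header insert X-Forwarded-Port $port
}
```

A request that arrives on VS8080 with a missing, expired or invalid tag is reported to the backend as port 8080, so a client cannot claim to have come through 9090 by adding the parameter by hand.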
08-Nov-2020 23:26
Hi prashanth,
Thanks for the step by step answer. Works like a charm! KrogerFeed