Forum Discussion

prashanth's avatar
prashanth
Icon for Nimbostratus rankNimbostratus
Nov 07, 2020

Pass TAG from one Virtual Server to another

Hi There,

I have two virtual servers on the same IP address listening on port 8080 and 9090. 9090 VS there is a iRule redirection towards 8080 URL.

Currently there is a requirement to add X-Forwarded-Port hence the backend servers will be able to see the request is initiated towards which port.

There is X-Forwarded header cleanup configured as per the standard.

 

 

Since there is this cleanup though I add the X-Forwarded-Prot in 9090 VS it will be overwritten on 8080.

Is there any way I can add TAG while redirection from one VS to another, hence in the 8080 VS I can match the TAG and avoid the TAG being replaced.

 

Thanks in Advance

Prashanth

application delivery
BIG-IP
irule
iRules
Redriection
X-Forwarded

4 Replies

Sort By
  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for MVP rankMVP
    Nov 08, 2020

    Understanding your requirement.

    ​1. VS9090 redirects to VS8080

    2. In VS9090 you are removing all X- headers.

    3. But you want VS8080 to also know to which port the actual traffic came in, whether 8080 or 9090, hence your looking for the header X-F-Port.

    Well, you are removing X headers but you also want port header. Can you share your existing irule, unless you insert port header info back again, I don't think you can get this information on other virtual.

  • prashanth's avatar
    prashanth
    Icon for Nimbostratus rankNimbostratus
    Nov 08, 2020

    Yes your understanding on redirection is correct.

    Below is the iRule on VS8080

    when HTTP_REQUEST {
 
	# Remove untrusted HTTP X-Forwarded header
	#
 
	#  X-Forwarded headers clean-up
	#
	HTTP::header remove X-Forwarded-For
	HTTP::header remove X-Forwarded-Host
	HTTP::header remove X-Forwarded-Port
	HTTP::header remove X-Forwarded-Proto
	HTTP::header remove X-Real-IP
 
	# Set our own X-Forwarded and X-Real-IP headers
 
	# X-FORWARDED-FOR and X-REAL-IP
	#
	HTTP::header insert X-Forwarded-For [IP::client_addr]
	HTTP::header insert X-Real-IP [IP::client_addr]
 
	# X-FORWARDED-PORT
	#
	HTTP::header insert X-Forwarded-Port [TCP::local_port]
 
}

    As you can see we are clearing the XF header and adding the new header to avoid any clients trying to connect already with the XF header.

    Though I set a header on VS9090 before redirecting to VS8080 it will be removed by the iRule on VS8080.

    Hope this clarifies.

    • jaikumar_f5's avatar
      jaikumar_f5
      Icon for MVP rankMVP
      Nov 09, 2020

      Actually it's not removed by your VS8080​, I think it doesn't get passed to VS8080 in first place.

      The way how VS9090 redirects is through 302. When you use http2https redirect irule, it uses HTTP::REDIRECT method on the HTTP_REQUEST event. You cant pass headers. Well you could still try going with HTTP::RESPOND method with a 302 with Location header. But still it wouldn't work.

      When a 302 comes back to client, the browser takes the Location header information and passes it a new Get request, thus your headers even if you had passed with HTTP::RESPOND would still get dropped in the new Get request which goes to the new VS8080.

      The only way I can think of is, to pass your header info along with the value of Location ​header. And once the traffic reaches the VS8080, you would inspect the inbound request and filter it out accordingly.

      Hope you got the idea. See if it helps.