Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Pass TAG from one Virtual Server to another

prashanth
Nimbostratus
Nimbostratus

‎07-Nov-2020 10:09

Hi There,

I have two virtual servers on the same IP address listening on port 8080 and 9090. 9090 VS there is a iRule redirection towards 8080 URL.

Currently there is a requirement to add X-Forwarded-Port hence the backend servers will be able to see the request is initiated towards which port.

There is X-Forwarded header cleanup configured as per the standard.

 

 

Since there is this cleanup though I add the X-Forwarded-Prot in 9090 VS it will be overwritten on 8080.

Is there any way I can add TAG while redirection from one VS to another, hence in the 8080 VS I can match the TAG and avoid the TAG being replaced.

 

Thanks in Advance

Prashanth

Labels:
0 Kudos
4 REPLIES 4

jaikumar_f5
MVP
MVP

‎07-Nov-2020 23:26

Understanding your requirement.

​1. VS9090 redirects to VS8080

2. In VS9090 you are removing all X- headers.

3. But you want VS8080 to also know to which port the actual traffic came in, whether 8080 or 9090, hence your looking for the header X-F-Port.

Well, you are removing X headers but you also want port header. Can you share your existing irule, unless you insert port header info back again, I don't think you can get this information on other virtual.

0 Kudos

prashanth
Nimbostratus
Nimbostratus

‎08-Nov-2020 00:23 - last edited on ‎04-Jun-2023 21:12 by Fog

Yes your understanding on redirection is correct.

Below is the iRule on VS8080

when HTTP_REQUEST {
 
	# Remove untrusted HTTP X-Forwarded header
	#
 
	#  X-Forwarded headers clean-up
	#
	HTTP::header remove X-Forwarded-For
	HTTP::header remove X-Forwarded-Host
	HTTP::header remove X-Forwarded-Port
	HTTP::header remove X-Forwarded-Proto
	HTTP::header remove X-Real-IP
 
	# Set our own X-Forwarded and X-Real-IP headers
 
	# X-FORWARDED-FOR and X-REAL-IP
	#
	HTTP::header insert X-Forwarded-For [IP::client_addr]
	HTTP::header insert X-Real-IP [IP::client_addr]
 
	# X-FORWARDED-PORT
	#
	HTTP::header insert X-Forwarded-Port [TCP::local_port]
 
}

As you can see we are clearing the XF header and adding the new header to avoid any clients trying to connect already with the XF header.

Though I set a header on VS9090 before redirecting to VS8080 it will be removed by the iRule on VS8080.

Hope this clarifies.

0 Kudos

jaikumar_f5
MVP
MVP
In response to prashanth

‎09-Nov-2020 09:38

Actually it's not removed by your VS8080​, I think it doesn't get passed to VS8080 in first place.

The way how VS9090 redirects is through 302. When you use http2https redirect irule, it uses HTTP::REDIRECT method on the HTTP_REQUEST event. You cant pass headers. Well you could still try going with HTTP::RESPOND method with a 302 with Location header. But still it wouldn't work.

When a 302 comes back to client, the browser takes the Location header information and passes it a new Get request, thus your headers even if you had passed with HTTP::RESPOND would still get dropped in the new Get request which goes to the new VS8080.

The only way I can think of is, to pass your header info along with the value of Location ​header. And once the traffic reaches the VS8080, you would inspect the inbound request and filter it out accordingly.

Hope you got the idea. See if it helps.

0 Kudos

Mable
Nimbostratus
Nimbostratus

‎08-Nov-2020 23:26

Hii prashanth,

hanks for the step by step answer. Works like a charm! KrogerFeed

0 Kudos
Copyright © 2023 Khoros, LLC