
Problem persistent iRule

Jo_
Nimbostratus

Within the login process, requests are sent from a client towards our IDP. That same client also sends requests within the same login process to a web server that in turn sends requests to our IDP.

The intention is that the requests that come directly from the client and those that go through the web server end up on the same IDP server.

The first IP within the X-Forwarded-For header always contains the client IP. Therefore the following iRule was configured:

if { $static::uri contains "/part_of_url" }{
  if { [HTTP::header exists "X-Forwarded-For"] }{
    persist uie [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0]
  }
}

What is the result?

Requests from the client directly to the IDP end up on the same IDP server and requests from the same client that go through the web server end up on another IDP. The first attribute of the X-Forwarded-For header is the same client IP for all requests. How can all requests from the same client IP end up on the same IDP server?

2 REPLIES

Leslie_Hubertus
Community Manager

Hey @Jo_ - thanks for posting and giving some detail. If you don't get an answer soon from the community, I'll ask one of my colleagues to chime in.

JRahm
Community Manager

Just posing some questions to think about, I am not well-versed in the specifics of setting up this configuration on APM.

  1. You are taking the first header in the list of potential X-Forwarded-For headers present, and then taking the first IP address from that header, correct? Is that always the desired state?
  2. What event is that logic applied in?
  3. Also, do you have OneConnect enabled? If not, you're evaluating on a per-connection basis, not a per-request basis.
  4. Finally, have you taken packet captures to evaluate your headers ahead of and after BIG-IP?
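
A diagnostic iRule for working through the questions above, added here as an example and not part of the original thread or any F5-supplied code. It assumes the logic runs in HTTP_REQUEST, matches on [HTTP::uri] instead of the post's $static::uri, and keeps "/part_of_url" as the placeholder from the post; the log format is made up for illustration.

```tcl
when HTTP_REQUEST {
    # Assumption: the URI test is meant to apply to the current request.
    if { [HTTP::uri] contains "/part_of_url" } {
        # One list element per X-Forwarded-For header line in the request.
        set xff_headers [HTTP::header values "X-Forwarded-For"]
        set xff_count [llength $xff_headers]

        if { $xff_count > 0 } {
            # Same derivation as the posted rule: first header, first
            # comma-separated entry. string trim removes stray whitespace
            # that would otherwise produce a different persistence key.
            set first_header [lindex $xff_headers 0]
            set persist_key [string trim [lindex [split $first_header ","] 0]]

            # Log everything needed to compare the direct path with the
            # path through the web server: the peer that opened the
            # connection, how many XFF headers arrived, and the key used.
            log local0. "xff-persist peer=[IP::client_addr] xff_count=$xff_count\
                key='$persist_key' headers=$xff_headers"

            persist uie $persist_key
        } else {
            # No header means no persistence record is created or matched.
            log local0. "xff-persist peer=[IP::client_addr] no X-Forwarded-For\
                uri=[HTTP::uri]"
        }
    }
}

when LB_SELECTED {
    # Shows which pool member each connection was sent to.
    log local0. "xff-persist peer=[IP::client_addr] selected=[LB::server addr]"
}
```

Comparing the `key=` value logged for a direct client request with the one logged for the request arriving via the web server shows whether both paths really produce the same persistence key, and the `selected=` lines show whether a new load-balancing decision was made for each.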