cancel
Showing results for 
Search instead for 
Did you mean: 

Website does not load after using X-Forwarded-For HTTP header

Mohammad_1363
Altocumulus
Altocumulus

Hello

I need to see the client real IP to one of my publicly available website, to do that, i enabled the X-Forwarded-For under http profile (client) after that the website did not come up, i tried to use below iRule as well but that one needs to have http profile attached to VIP, so when i attached the http profile the website won't come online, I was wondering if you could help me. one note : the SSL is terminated on the backend server NOT F5.

The error which I am getting

 

Secure Connection Failed

 

An error occurred during a connection to www.example.com. PR_END_OF_FILE_ERROR

 

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

   Please contact the website owners to inform them of this problem.

 

 

The iRule

when HTTP_REQUEST {

HTTP::header insert X-Forwarded-For [IP::remote_addr]

}

 

Thanks

Mohammad

1 REPLY 1

Hi ,

 

you say that SSL is terminated on the backend and not on the F5. Therefore the BIG-IP cannot insert any HTTP headers.

 

Please see K4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic ...

Quoting from there:

"Note: You can insert HTTP headers in HTTPS traffic only if the client connects to a BIG-IP virtual server configured with a Client SSL profile. When the BIG-IP system terminates the SSL connection, it has access to the unencrypted HTTP data."

 

You can only insert a X-Forwarded-For header once you make your virtual server capable of performing SSL decryption/encryption. For details see: K12015: Configuration requirements for SSL virtual servers, profiles, pools, and monitors.

 

KR

Daniel