Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

X-Forwarded-Proto on policy

Jean_Mamène
Altostratus
Altostratus

Hi,
I have a vhost with a policy proxypass to redirect the HOST dns on the pool with somes different option.
I want to add X-Forwarded-Proto option in the policy but after somes try I couldn't get it to work.

"3. Insert HTTP Header named 'X-Forwarded-Proto' with value 'https' at response time." don't work

Please, somes ideas ? 

Regards



5 REPLIES 5

Paulius
MVP
MVP

@Jean_Mamène This should be what you're looking for.

https://my.f5.com/manage/s/article/K43444200

Hi,
It's for an http profile. I need to set this on policy.

Regards

@Jean_Mamène That is correct and it is the easiest and least complex way of configuring this. Any particular reason this cannot be done in an HTTP profile? I don't believe this can be done properly through a policy and would have to be done in an iRule and applied to the 443 virtual server only.

when HTTP_REQUEST priority 500 {

    HTTP::header insert "X-Forwarded-Proto" "https"

}

Jean_Mamène
Altostratus
Altostratus

I can add a specific irule, but I need to match host condition to add xfp.
Because I have one vhost with a proxyass with more 100+ host on.

@Jean_Mamène If you need a specific host header value to be matched and it's a long list you can create a data-group then in that data-group you add an entry for each host value and then perform a match in your iRule and the action to take would be to add in the XFP header similar to the following.

when HTTP_REQUEST priority 500 {

    if { [class match --value [HTTP::host] == CLASS-XFP-HOSTS] } {
        HTTP::header insert "X-Forwarded-Proto" "https"
    }

}

The following is an example of the data-group that you can import quickly through the cli using the "load sys config from-terminal merge" command and then pasting in the data-group. You would only have to adjust the host names in the data-group to your list before pasting it into the CLI.

ltm data-group internal CLASS-XFP-HOSTS {
    records {
        www1.example.com { }
        www2.example.com { }
        www3.example.com { }
    }
    type string
}