How can I preserve the original HTTP Host Header to the Backendservers?
Hi guys, I'm trying the following configuration to loadbalance a RH SSO Key cloack Cluster: clientIP -> https/443 -> (clientssl-Profile) F5-Virtual Server (serverssl-Profile) -> SNAT-IP -> tcp8443 -> Backendserver The Backendserver need to see the original client http Header, so I created a http Profile with the "Insert X-Forwarded-For"-Option enabled. Alternative I tried the following iRule: when HTTP_REQUEST { HTTP::header insert X-Forwarded-For [IP::client_addr] } Unfortunaly, both ways didn't work properly... How can I preserve the whole original HTTP Host Header trough the F5 to the Backendservers? Thank you!
BIG-IP add custom header
F5 BIG-IP LTM VE v11.4.0 on ESXi I want to add a custom header to my request before rewriting to a backend server : when HTTP_REQUEST { HTTP::header insert uri-original [HTTP::uri] ... HTTP::uri $rewrite_uri pool backend-pool-01 } However my tests do not show this header present. Am I adding the header correctly ? What are the rules around retaining added headers ? How can I log all headers present in my request ? UPDATE ( 2014-11-29 ) : For case where iRule is assigned to a virtual-server with an http profile, I verified above TCL does add header as expected. However, for https case, adding the header writes errors to the f5 logs : Nov 14 22:03:03 f5-01 err bigd[6134]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure. Nov 14 22:03:04 f5-01 err tmm1[8371]: 01220001:3: TCL error: /Common/xheader-irule-01 - Operation not supported (line 1) invoked from within "HTTP::header insert original-uri [HTTP::uri]"BIG-IP : irule : add request header ( replace if exists )
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi I need to add/replace a specific request header. Here's my iRule : when HTTP_REQUEST { if { [HTTP::header exists "original-uri"] } { HTTP::header replace original-uri [HTTP::uri] } else { HTTP::header insert original-uri [HTTP::uri] } } Is there a way to perform the insert/replace in a single line ?BIG-IP : http profile : insert multiple headers
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi Via the web-admin, I can create/edit an http profile and set this field : Request Header Insert = "X-Forwarded-Proto:http" But what if I want to insert multiple headers ? What is the syntax ? Further, does Request Header Insert erase any pre-existing request headers ? Also, I set Insert X-Forwarded-For to Enabled but logs do not show header X-Forwarded-For to be present.
iRule to redirect user with incorrect certificate to specific url
Hello, I'm writing iRule, which sould redirect user to specific uri, if user don't have cert or have incorrect cert. Client ssl profile client authentication is set to "ignore". I want to redirect user with incorrect cert to "https://[HTTP::host]/index.php?id=14", which is the only uri, that works without cert auth. HTTP respond or redirect in event "when HTTP_REQUEST_SEND" does not work, but logging does ("No or invalid client Certificate!"). Browser response when I choose incorect cert: " This site can’t provide a secure connection sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTOCOL_ERROR " Code: when CLIENTSSL_CLIENTCERT { HTTP::release if { [SSL::cert count] < 1 } { log local0. "No client Certificate!" } } when HTTP_REQUEST { if { [HTTP::uri] ne "/index.php?id=14" }{ if { [SSL::cert count] <= 0 } { HTTP::collect SSL::authenticate always SSL::authenticate depth 9 SSL::cert mode require SSL::renegotiate } } if { [HTTP::uri] eq "/index.php?id=14" }{ log local0. "uri eq id=14" pool XYZ-POOL } } when HTTP_REQUEST_SEND { clientside { if { [SSL::cert count] > 0 } { HTTP::header insert "X-SSL-Session-ID" [SSL::sessionid] HTTP::header insert "X-SSL-Client-Cert-Status" [X509::verify_cert_error_string [SSL::verify_result]] HTTP::header insert "X-SSL-Client-Cert-Subject" [X509::subject [SSL::cert 0]] HTTP::header insert "X-SSL-Client-Cert-Issuer" [X509::issuer [SSL::cert 0]] log local0. "http header insert completed" } else { log local0. "No or invalid client Certificate!" HTTP::redirect "https://www.xyz.com/index.php?id=14" HTTP::respond 302 Location "https://[HTTP::host]/index.php?id=14" } } } Best regards, Spela
Best method to rewrite Request and Response URI, preserve URI data, and with no client redirect
Looking for the best method (iRule, HTTP Class, etc) to rewrite URI while preserving the trailing data in the URI and ensuring that no client redirect occurs. I also need to insert a header in the mix of all this. Client request - https://www.site.com/123 F5 Rewrite - Request - https://www.site.com/123 to https://www.site.com/321 Insert Header SetContextURI: http://www.site.com/123 F5 Rewrite - Response - https://www.site.com/321/blah/data (Preserve Data) to https://www.site.com/123/Blah/data I have looked at several options, but none bring both the Request, Response, and header insert together or will do a client redirect.Missing SOAPAction
Hey, I have a problem I think is easy to solve but this is my 1st time researching F5 rules. I'm a developer by trade but trying to figure out an urgent issue. I have a problem with an obscure client of our SOAP services. Our WSDLs speficy am empty SoapAction but this client assume that without a SOAPAction, it won't even send the header. Our server get a mixture of REST and SOAP requests so I am looking for a rule that will check only SOAP requests for a SOAPAction header and if it doesn't exist, add it. Or, is this just as easy as doing something like this? HTTP::header replace SOAPAction "" This is a little scorched earth but we don't have any SOAPAction anywhere. I don't think this would negatively affect other types of requests even it were be added to everything?
X-Forwarded-For header
Hi All, My application team requirement is to able to see the actual client ip address whoever accessing the application instead of BIG IP address as SNAT (Auto map) is enabled. I have read some SOL on it and understand that we can achieve this by iRule & HTTP profile. However, my requirement is to have an iRule as we can take decision whether to add X-Forwarded-For header to client requests. Can anyone please share the iRule script pertaining to this requirement. Thanks in advance, MSKSend custom header to server, not client.
Would this iRule, when HTTP_REQUEST { HTTP::header insert "MyHeaderName" "MyHeaderValue" } when applied to a virtual server, send the "MyHeaderName/MyHeaderValue" header to the back-end web servers? If not, how can I trigger a header to be created and sent to the back-end web servers with each client request?
