header insert
17 TopicsIrule to allow specific IPs
I have a site which is abc.com Trying to achieve below requirements- 1) If uri is / it should redirect to abc.com/xyz - open for all 2) If uri is /rdp_xyz_tshoot should accessible to internal network - (here we can use the datagroup list) As this site is migrated to akamai where they have requirement to use below irule- when HTTP_REQUEST { if { [HTTP::header exists True-Client-IP] } { set trueclientip [HTTP::header True-Client-IP] HTTP::header replace X-Forwarded-For $trueclientip } } Cause for above akamai irule= Normally the True-Client-IP header includes the real IP of the clients when requests are coming from Akamai. It will be unaffected and be sent as part of the request to the pool member. So, your backend servers could look for that header and do something with its value. However, if you want the F5 to translate it to the X-Forwarded-For header, you can use an iRule to convert the Akamai True-Client-IP header to the X-Forwarded-For header. we are trying with below irule which is not working- when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/rdp_xyz_tshoot") && (not[class match [IP::client_addr] equals allowed_IPs])} { reject } if { [HTTP::uri] == "/" } { HTTP::redirect "https://[HTTP::host]/abc_login.jsp" } } Please help37Views0likes2CommentsBIG-IP : http profile : insert multiple headers
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi Via the web-admin, I can create/edit an http profile and set this field : Request Header Insert = "X-Forwarded-Proto:http" But what if I want to insert multiple headers ? What is the syntax ? Further, does Request Header Insert erase any pre-existing request headers ? Also, I set Insert X-Forwarded-For to Enabled but logs do not show header X-Forwarded-For to be present.1.1KViews0likes8CommentsBIG-IP : HTTP Profile Insert X-Forwarded-For Enabled but not found in request headers collection
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi For a Virtual-Server assigned an HTTP Profile configured with : Insert X-Forwarded-For Enabled under what circumstances would the header not be inserted ? My iRule logs : when HTTP_REQUEST { log local0. "X-Forwarded-For header = [HTTP::header X-Forwarded-For]" ` indicate header is not present -- here is log output : `X-Forwarded-For header = Could disabling HTTP_REQUEST event at end of iRule affect HTTP Profile ability to add the header ?271Views0likes2CommentsX-Forwarded-For header
Hi All, My application team requirement is to able to see the actual client ip address whoever accessing the application instead of BIG IP address as SNAT (Auto map) is enabled. I have read some SOL on it and understand that we can achieve this by iRule & HTTP profile. However, my requirement is to have an iRule as we can take decision whether to add X-Forwarded-For header to client requests. Can anyone please share the iRule script pertaining to this requirement. Thanks in advance, MSK384Views0likes11CommentsDifferentiating the connections based on headers || HTTP Profile
Hi, I have a scenario wherein the app team wants to publish an application both to external and internal (intranet). However, the requirement from them is to check on BIG IP to leverage HTTP profile (or iRule) to segregate between external and internal users. They want to have something like http profile = abc.com_external implies external user http profile = abc.com_internal implies internal user Now, below is the traffic flow for both scenarios, External End user >>> External BIGIP >>> Internal BIGIP >>> Backend Servers Internal End user >>>> Internal BIGIP >>> Backend Servers So, the only difference basically is that for external connections the internal BIGIP would see the source as the external BIGIP. Now, my approach is if we can insert something in the header on external BIGIP and monitor for it on the internal BIGIP then we could differentiate between external and internal users. Internal connections would be parsed as normal. Therefore, at the app level on backend servers they could differentiate between external connections by monitoring the newly added header. Not sure if this could be achievable but would be great if you could provide some help and thoughts. Br, MSK251Views0likes1CommentBIG-IP : header added timestamp
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi For the case where multiple identical headers (e.g. X-FORWARDED-FOR) accumulate as a request passes through a series of entities ( e.g. clients, forward-proxies, CDNs, reverse-proxies, & servers ) : X-FORWARDED-FOR 10.10.20.1 X-FORWARDED-FOR 199.16.144.5 X-FORWARDED-FOR 204.15.0.249 Does the request include timestamp data for each header added ? If BIG-IP adds a header , does it record the timestamp somewhere ?231Views0likes1CommentBIG-IP add custom header
F5 BIG-IP LTM VE v11.4.0 on ESXi I want to add a custom header to my request before rewriting to a backend server : when HTTP_REQUEST { HTTP::header insert uri-original [HTTP::uri] ... HTTP::uri $rewrite_uri pool backend-pool-01 } However my tests do not show this header present. Am I adding the header correctly ? What are the rules around retaining added headers ? How can I log all headers present in my request ? UPDATE ( 2014-11-29 ) : For case where iRule is assigned to a virtual-server with an http profile, I verified above TCL does add header as expected. However, for https case, adding the header writes errors to the f5 logs : Nov 14 22:03:03 f5-01 err bigd[6134]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure. Nov 14 22:03:04 f5-01 err tmm1[8371]: 01220001:3: TCL error: /Common/xheader-irule-01 - Operation not supported (line 1) invoked from within "HTTP::header insert original-uri [HTTP::uri]"1.2KViews0likes16CommentsBIG-IP : irule : add request header ( replace if exists )
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi I need to add/replace a specific request header. Here's my iRule : when HTTP_REQUEST { if { [HTTP::header exists "original-uri"] } { HTTP::header replace original-uri [HTTP::uri] } else { HTTP::header insert original-uri [HTTP::uri] } } Is there a way to perform the insert/replace in a single line ?1.2KViews0likes18CommentsiRule to redirect user with incorrect certificate to specific url
Hello, I'm writing iRule, which sould redirect user to specific uri, if user don't have cert or have incorrect cert. Client ssl profile client authentication is set to "ignore". I want to redirect user with incorrect cert to "https://[HTTP::host]/index.php?id=14", which is the only uri, that works without cert auth. HTTP respond or redirect in event "when HTTP_REQUEST_SEND" does not work, but logging does ("No or invalid client Certificate!"). Browser response when I choose incorect cert: " This site can’t provide a secure connection sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTOCOL_ERROR " Code: when CLIENTSSL_CLIENTCERT { HTTP::release if { [SSL::cert count] < 1 } { log local0. "No client Certificate!" } } when HTTP_REQUEST { if { [HTTP::uri] ne "/index.php?id=14" }{ if { [SSL::cert count] <= 0 } { HTTP::collect SSL::authenticate always SSL::authenticate depth 9 SSL::cert mode require SSL::renegotiate } } if { [HTTP::uri] eq "/index.php?id=14" }{ log local0. "uri eq id=14" pool XYZ-POOL } } when HTTP_REQUEST_SEND { clientside { if { [SSL::cert count] > 0 } { HTTP::header insert "X-SSL-Session-ID" [SSL::sessionid] HTTP::header insert "X-SSL-Client-Cert-Status" [X509::verify_cert_error_string [SSL::verify_result]] HTTP::header insert "X-SSL-Client-Cert-Subject" [X509::subject [SSL::cert 0]] HTTP::header insert "X-SSL-Client-Cert-Issuer" [X509::issuer [SSL::cert 0]] log local0. "http header insert completed" } else { log local0. "No or invalid client Certificate!" HTTP::redirect "https://www.xyz.com/index.php?id=14" HTTP::respond 302 Location "https://[HTTP::host]/index.php?id=14" } } } Best regards, Spela846Views0likes2CommentsiRule $variable problem
Hi, I have a problem with writing an iRule ... In the HTTP header I should have a variable called "$STH", and then the problem arises... TCL treats the dollar symbol as a symbol for the variable. What can I do in this case? when HTTP_REQUEST { HTTP :: header insert "$STH" '523' } Best regards, Spela273Views0likes1Comment