Forum Discussion

Christophe_Lem2's avatar
Christophe_Lem2
Icon for Cirrus rankCirrus
Jun 21, 2013

Persistence on X-Forwarded-For or Source IP

Hi,

 

I've got a request to make a persitence across two virtual servers but on different parameters...

 

The two virtual servers uses the same pool.

 

The client connects first on vserver1 through a proxy, where X-Forwarded-For is inserted in the HTTP header. Then the client connects to a second vserver, vserver2, without proxy. He must go to the same server as for the first request.

 

I've tried the following iRule but it doesn't seem to work...

 

 

when HTTP_REQUEST {

 

if {[HTTP::header X-Forwarded-For] != ""} then {

 

persist uie [HTTP::header X-Forwarded-For] 900

 

} else {

 

persist uie [IP::client_addr] 900

 

}

 

}

 

 

Any idea on how to achieve this?

 

 

Regards,

 

Christophe

 

application delivery
dev
devops
iRules
v4

4 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 21, 2013
    you enabled match across virtual servers, didn't you?

     

     

    sol5837: Match Across options for session persistence

     

    http://support.f5.com/kb/en-us/solutions/public/5000/800/sol5837.html
  • Christophe_Lem2's avatar
    Christophe_Lem2
    Icon for Cirrus rankCirrus
    Jun 21, 2013
    It works like a charm, I forgot to enable the Match Across Virtual Servers in my persitence profile...
  • Lester_W__54354's avatar
    Lester_W__54354
    Icon for Nimbostratus rankNimbostratus
    Jun 04, 2014
    This is good EXCEPT if the X-Forwarded-For is a comma-separated list and the intermediate proxies vary. Consider the following: REQUEST 1: X-Forwarded-For: 101.202.11.15, 10.2.5.7 REQUEST 2: X-Forwarded-For: 101.202.11.15, 10.2.5,18 The iRule shown above will treat request 2 as different. Any ideas on how to ensure only the 1st IP address in the list is used?
  • Christophe_Lem2's avatar
    Christophe_Lem2
    Icon for Cirrus rankCirrus
    Jun 04, 2014
    You may try to replace persist uie [HTTP::header X-Forwarded-For] 900 by something like this (not tested) lassign [ split [HTTP::header X-Forwarded-For] "," ] srcIP persist uie $srcIP 900