Joe_Fontes_4518
Oct 16, 2006

X-Forwarded-For iRule

To start I am very new to F5 products and thus know nothing about iRules. The only thing I know is what I need one to do.

I have enabled the X-Forwarded-For option for the sites and they are logging correctly. The issue I am having is that I get the client address when the requests come through the LB but is there any way to create an iRule that swaps out the actual host instead of needing the X-Forwarded-For?

The reason I ask is that we have some traffic that goes directly to the site's IP address and thus does not set that variable. So right now I can either log traffic going directly to the machine OR traffic coming from the LB not both. This is really starting to mess with our stats reporting.

Any ideas?

5 Replies

  • The reason you would only see the BIG-IP's self IP or SNAT address as the source is if you have SNAT enabled on the VIP. Typically this is done in a network where the nodes aren't configured with the BIG-IP as their default gateway.

    If you were able to either set the default gateway on the nodes to the BIG-IP or configure routing that guaranteed all responses to clients that made requests through the BIG-IP would be sent back through the BIG-IP you could disable the SNAT and preserve the original client IP address.

    If changing the routing isn't an option then you would need to use a SNAT and insert the original client IP address in the XFF header.

    Dev posted a DLL that you can install on IIS servers to parse the XFF header if it's present and log the value as the c-IP.

    Note: "If no X-Forwarded-For header is passed in, then no filtering takes place and the passed in client ip will be used."

    So I would expect this should work for you regardless of whether the client is going through the BIG-IP or not.

    Aaron

    http://devcentral.f5.com/Default.aspx?tabid=38

    Author: Joe Pruitt

    Date Uploaded: 9/20/2005 12:22:32 AM

    File Description:

    This IIS ISAPI filter will look for the X-Forwarded-For header in the HTTP request and, if it finds one, it will replace the c-ip (client ip) in the W3SVC log traces with the value of the X-Forwarded-For header.

    This is useful when servers are sitting behind a VIP and have no view on the true client IP address. BIG-IP has the ability to add the client ip as the X-Forwarded-For header and when that is done, this filter will replace the internal address of the BIG-IP with the true client address (or at least what is presented on the client side of the connection to the BIG-IP). If no X-Forwarded-For header is passed in, then no filtering takes place and the passed in client ip will be used.

    To install: Simply add this filter to your IIS Web Site in the IIS admin utility.

  • Thank you for the response and as suggested, changing the default route is not an option.

    I had found that DLL you referred to during a search of the forums although we are running Apache web servers.

    I thought this might be easier to find a solution on the F5 side rather than looking for a solution to 100+ machines. I will look around for an Apache solution and post up what I find but if anyone has any suggestions...
  • If all you want to do is modify the host header (that's what I'm reading from the first message in the thread), then you can use the HTTP::host command to modify that value.

    when HTTP_REQUEST {
      HTTP::host "newhostname"
    }

    You'll just have to make sure that your web servers are configured to serve up traffic for requests.

    If I read the question wrong, then please disregard...

    -Joe
  • It was my understanding that HTTP::host can only be returned, not set. Is this not correct? I get an error when I try that syntax.
  • I stand corrected. I'm not sure why that is read-only but the workaround is to do a HTTP::header replace command on the Host header.

    when HTTP_REQUEST {
      HTTP::header replace "Host" "newhostname"
    }

    That one should work...

    -Joe
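
The thread's logging problem (some requests arrive through the BIG-IP with X-Forwarded-For set, others hit the server directly) comes down to deciding which address to record per request. The sketch below is an added example, not code from the thread or from F5: it follows the quoted filter's rule (use XFF when present, otherwise the connecting address) and adds one check, honoring XFF only when the connection comes from the load balancer, since a direct client can send any header value it likes. The proxy address, function names and sample requests are constructed assumptions, as is the premise that the load balancer's entry is the last one in the header.

```python
import ipaddress

# Assumption (constructed): the SNAT / self IP the web servers see for BIG-IP traffic.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def _parse_ip(text):
    """Return an ip_address object, or None if text is not a valid IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def _is_trusted(ip, trusted):
    return any(ip in net for net in trusted)


def client_ip_for_log(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Pick the address to log as the client IP for one request."""
    peer = _parse_ip(peer_addr)
    if peer is None:
        raise ValueError("invalid peer address: %r" % (peer_addr,))
    # Direct traffic or no header: log the connecting address and ignore
    # any X-Forwarded-For, because the client fully controls that header.
    if not xff_header or not _is_trusted(peer, trusted):
        return str(peer)
    # Walk hops right to left: the first hop that is not our own proxy is
    # the address the load balancer actually saw.
    for hop in reversed(xff_header.split(",")):
        ip = _parse_ip(hop)
        if ip is None:
            break  # malformed entry: stop trusting the header
        if not _is_trusted(ip, trusted):
            return str(ip)
    return str(peer)


# Constructed sample requests: (connecting address, X-Forwarded-For value)
SAMPLES = [
    ("10.0.0.5", "203.0.113.7"),           # through the load balancer
    ("198.51.100.9", None),                # direct, no header
    ("198.51.100.9", "1.2.3.4"),           # direct, client-supplied header
    ("10.0.0.5", "1.2.3.4, 203.0.113.7"),  # client-supplied entry, then LB entry
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, repr(xff), "->", client_ip_for_log(peer, xff))
```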