Forum Discussion

ScottG_33396
Nov 30, 2006

get and replace

OK all you gurus. Here's what I want to do. I want to get data from http::header "X-Forwarded-For" and replace the data in client_addr with what I get from X-Forwarded-For. I need to grab the IP found in X-Forwarded-For and put it in the client_addr so that I can pass it to my ISA servers. Any ideas?

Thanks,

Scott

5 Replies

  • When a client makes an HTTP request, you could look at the HTTP header(s) named X-Forwarded-For and set that as the source IP address for a connection to the pool using snat.

    Try checking the wiki pages for the HTTP::header, snat and pool commands and repost with any questions.

    Aaron
  • OK, I did some searching and came up with this iRule:

    when HTTP_REQUEST {
      HTTP::header insert "source_addr" [HTTP::header "X-Forwarded-For"]
    }

    The problem is that it puts "source_addr" and the IP from the X-Forwarded-For under "HTTP: GET Request from Client" in the packet. I need for the IP from X-Forwarded-For to replace IP: Source Address = x.x.x.x under IP: Protocol in the packet.

    I tried:

    when HTTP_REQUEST {
      IP::header insert "Source Address" [HTTP::header "X-Forwarded-For"]
    }

    But of course get the error:

    01070151:3: Rule [forwrd] error:
    line 2: [undefined procedure: IP::header] [IP::header insert "Source Address" [HTTP::header "X-Forwarded-For"]]

    Can you steer me in the right direction?
  • Deb_Allen_18
    Historic F5 Account
    I think what Aaron is suggesting is using the SNAT command to change the source IP to the value of the XFF header:
    when HTTP_REQUEST {
      snat [HTTP::header "X-Forwarded-For"]
    }
    Interesting idea. If default routing will ensure an appropriate return path, it may work, but could instead result in broken conversations if the source NAT is in place to force return through a specific upstream device.

    HTH

    /deb
  • Deb, thanks for the help. When I try to use snat in that context, I get:

    01070088:3: The requested object name (snat) is invalid.

    Do I need to define the snat object?
  • Deb, forget my last. I'm a bonehead. I tried to name the new iRule SNAT. Duh!
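
Added example, not part of the original thread: the snat approach from the replies with the header checked before it is used, since X-Forwarded-For is set by whoever sends the request and may carry several comma-separated addresses. The proxy address 192.0.2.10 is a constructed placeholder, and accepting the header only from that peer is an assumption of this example.

```tcl
when HTTP_REQUEST {
    # Assumption: 192.0.2.10 (constructed) is the only upstream proxy whose
    # X-Forwarded-For is trusted. Any other client can send an arbitrary value,
    # so those requests keep the default source address handling.
    if { ![IP::addr [IP::client_addr] equals 192.0.2.10] } {
        return
    }

    # Nothing to do when the header is absent.
    if { ![HTTP::header exists "X-Forwarded-For"] } {
        return
    }

    # The header may hold a chain such as "client, proxy1, proxy2";
    # take the first entry and strip surrounding whitespace.
    set xff [string trim [getfield [HTTP::header "X-Forwarded-For"] "," 1]]

    # Accept only a dotted-quad IPv4 address. The octet pattern forbids
    # leading zeros so the range check below never sees an octal-looking value.
    set octet {(0|[1-9]\d{0,2})}
    set valid [regexp "^$octet\\.$octet\\.$octet\\.$octet\$" $xff match a b c d]
    if { $valid } {
        foreach part [list $a $b $c $d] {
            if { $part > 255 } {
                set valid 0
            }
        }
    }

    if { $valid } {
        # Same command as in the reply above, now with a checked argument.
        snat $xff
    } else {
        log local0. "Ignoring invalid X-Forwarded-For from [IP::client_addr]"
    }
}
```

The return-path caveat raised in the thread still applies: replies from the pool members must route back through the BIG-IP for the rewritten source address to work.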