Forum Discussion

Warcop_48351's avatar
Warcop_48351
Icon for Nimbostratus rankNimbostratus
Aug 05, 2008

X-Forwarded-Proto Assistance

Hi - have a new scenario where the pool is expecting "X-Forwarded-Proto" information in the header. Does the default http/https profile insert this information automtically? I know some products do, just trying to figure out whether this will require a new iRule or not.

 

 

Thanks in advance.
application delivery
dev
devops
iRules

6 Replies

Sort By
  • Warcop_48351's avatar
    Warcop_48351
    Icon for Nimbostratus rankNimbostratus
    Aug 05, 2008
    I'm looking at the profile right now, I'm not seeing specifically for the "x-forwarded-proto" insertion. Is it named something else?

     

     

    I'm _not_ referring to "x-forwarded-for"
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Aug 05, 2008
    I do know we support X-Forwarded-For in the GUI, but I haven't heard for support of X-Forwarded-Proto. Is this true nmenant? I'll have to dig a bit and find out if the X-Forwarded-For option in the GUI inserts the X-Forwarded-Proto header as well.

     

     

    If not, you can always use an iRule!

     

     

    -Joe
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 06, 2008
    I don't think LTM does anything special for the X-Forwarded-Proto header. If you want to insert this header and the client SSL profile only allows SSL requests (Non-SSL Connections is not enabled) then you can configure a custom HTTP profile with 'Header Erase' set to X-Forwarded-Proto and 'Header Insert' set to 'X-Forwarded-Proto: https'. This ensures that any existing X-Forwarded-Proto headers are removed and a new X-Forwarded-Proto header with a value of https is inserted.

     

     

    Aaron
  • Warcop_48351's avatar
    Warcop_48351
    Icon for Nimbostratus rankNimbostratus
    Aug 12, 2008
    I touched base with the F5 PS guys - here is what I got back. Sounds like it is inline what you just posted.

     

     

    Recommended solution would be:

     

    -Use Insert header, in the custom HTTP profile that you applied to the virtual servers.

     

     

    For HTTPS Virtuals, insert: X-Forwarded-Proto, with a value of https

     

    For HTTP Virtuals, insert: X-Forwarded-Proto, with a value of http

     

     

    Of course you could also use apply an iRule to the Virtual Server, something like this should work:

     

     

    when HTTP_REQUEST {

     

    HTTP::header insert X-Forwarded-Proto “https”

     

    }

     

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 13, 2008
    If you're using this for anything other than reporting or logging, you should consider removing any existing headers with the name "X-Forwarded-Proto" before inserting it. This ensures that any headers the client inserts itself don't make it to the application. You can do this with the header erase option in the HTTP profile or in the iRule using HTTP::header remove "X-Forwarded-Proto".

     

     

    Aaron