F5 BIG-IP : SSL::disable serverside drops X-Forwarded-Proto ?

Question

F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi
My site has a VIP that handles SSL traffic ( port 443 ) 
The corresponding virtual-server is assigned an HTTP profile that inserts X-Forwarded-Proto:https
To this virtual-server I recently added an iRule that in the HTTP_REQUEST event conditionally disables SSL via SSL::disable serverside
Is it possible that disabling SSL server-side causes F5 to drop the X-Forwarded-Proto header ?  or change its value from https to http ?
I ask because I'm seeing traffic arrive at destination web-server missing the X-Forwarded-Proto header.

greg_chew_31149 · Answer

John, &nbsp;
I got this from https://devcentral.f5.com/questions/x-forwarded-proto-assistance&nbsp;
If you want to insert this header and the client SSL profile only allows SSL requests (Non-SSL Connections is not enabled) then you can configure a custom HTTP profile with 'Header Erase' set to X-Forwarded-Proto and 'Header Insert' set to 'X-Forwarded-Proto: https'. This ensures that any existing X-Forwarded-Proto headers are removed and a new X-Forwarded-Proto header with a value of https is inserted. &nbsp;

Forum Discussion

F5 BIG-IP : SSL::disable serverside drops X-Forwarded-Proto ?

1 Reply

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

behavior of SSL::disable serverside

Serverside SNI injection iRule

SSL 3.0.7 - Unsafe legacy renegotiation disabled on client side

X-Forwarded-Proto on policy

How to disable weak cipher from Client SSL Profile