Forum Discussion

Doran_Lum_13484
Sep 04, 2017

X-Forwarded for https

Hi all, we have an application on our server which can't determine if the request is https or http coming from F5. The X-Forwarded option has been enabled but the issue still persists. Should

 

I have tried the iRule below for X-Forwarded-Proto but somehow I got an error.

 

I have also tried to insert "https" for Request Header Insert but the issue still persists.

 

2 Replies

  • Hi,

    you are missing a } at the end:

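    when HTTP_REQUEST {
        # SSL::mode returns 1 when SSL is enabled on this side of the connection
        if { [SSL::mode] == 1 } {
            # Add the header unless it already says "https"
            if { !([HTTP::header "X-Forwarded-Proto"] eq "https") } {
                HTTP::header insert X-Forwarded-Proto "https"
            }
            # Add the port header only if none is present
            if { !([HTTP::header exists "X-Forwarded-Port"]) } {
                HTTP::header insert X-Forwarded-Port [TCP::local_port]
            }
        }
    }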
    

    have a good day!!!

  • Hi Doran,

    you could streamline your iRule by moving the protocol enumeration into the CLIENT_ACCEPTED event (triggered only once per TCP connection), storing the enumeration result in a $variable and then referencing the $variable on every subsequent HTTP_REQUEST event. This approach will greatly reduce the overhead for Keep-Alive connections.

    when CLIENT_ACCEPTED {
        # Runs once per TCP connection: record whether a client SSL profile is attached
        if { [PROFILE::exists clientssl] } then {
            set client_protocol "https"
        } else {
            set client_protocol "http"
        }
    }
    when HTTP_REQUEST {
        # Drop whatever the client sent, then insert the values the BIG-IP determined
        HTTP::header remove "X-Forwarded-Proto"
        HTTP::header insert "X-Forwarded-Proto" $client_protocol
        HTTP::header remove "X-Forwarded-Port"
        HTTP::header insert "X-Forwarded-Port" [TCP::local_port]
    }
    

    Note: In addition, you should review whether it would introduce certain risks for your application if the client sends handcrafted X-Forwarded-Proto and X-Forwarded-Port headers to it. If this scenario introduces some risks or if you can figure out the associated risks, then make sure to [HTTP::header remove] any existing X-Forwarded-Proto and X-Forwarded-Port headers before you [HTTP::header insert] your verified values...

    Cheers, Kai
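
The application-side counterpart of the header handling discussed above, as an added example that is not part of the thread or of either reply: a WSGI middleware that accepts X-Forwarded-Proto and X-Forwarded-Port only when the TCP peer is the load balancer. The 10.0.0.0/29 proxy range and all function and class names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the BIG-IP reaches the backend from this constructed self-IP range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/29")]


def _from_trusted_proxy(remote_addr):
    """True only if the TCP peer is one of the configured proxies."""
    try:
        peer = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


class ForwardedProtoMiddleware:
    """Honour X-Forwarded-Proto/-Port only when the peer is the proxy."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Pop both headers so the wrapped app never reads the raw values itself.
        proto = environ.pop("HTTP_X_FORWARDED_PROTO", "")
        port = environ.pop("HTTP_X_FORWARDED_PORT", "")
        if _from_trusted_proxy(environ.get("REMOTE_ADDR", "")):
            # Duplicate headers arrive comma-joined; the proxy is expected to send
            # exactly one value, so anything else leaves the defaults untouched.
            proto = proto.strip().lower()
            if proto in ("http", "https"):
                environ["wsgi.url_scheme"] = proto
            if port.isascii() and port.isdigit() and 0 < int(port) < 65536:
                environ["SERVER_PORT"] = port
        return self.app(environ, start_response)


def scheme_seen_by_app(remote_addr, headers):
    """Run one constructed request through the middleware; return what the app sees."""
    seen = {}
    def app(environ, start_response):
        seen["scheme"] = environ["wsgi.url_scheme"]
        seen["port"] = environ["SERVER_PORT"]
        start_response("200 OK", [])
        return [b""]

    environ = {"REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http", "SERVER_PORT": "80"}
    environ.update(headers)
    ForwardedProtoMiddleware(app)(environ, lambda status, hdrs: None)
    return seen["scheme"], seen["port"]
```

This complements the iRule rather than replacing it: the iRule strips client-supplied copies at the proxy, and the middleware keeps the application from trusting the headers if a request ever reaches it without passing through the proxy.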