Forum Discussion

Collums's avatar
Collums
Icon for Nimbostratus rankNimbostratus
Apr 24, 2018

How to apply X-Forwarded-Proto https to specific client

We are migrating to a new set of web servers and I am wanting to re-use the existing F5 configuration, same WIP, VIPs, and SSL profile. I figured this would be as simple as creating a pool for the new servers, using an irule to redirect specific clients during the testing phase, and then changing the default pool when ready to go live.

 

The redirect is working as expected but some scripts are being blocked on the new home page. The existing VS is using an HTTP profile with the "Insert X-Forwarded-For" enabled but the web consultants are saying that an "X-Forwarded-Proto" "https" needs to be used.

 

I found lots of posts about how to implement the protocol forwarding but I don't want it to be applied to any clients outside of the testing group as they are still going to the old servers. I am probably over thinking this but is there a way to do that?

 

3 Replies

  • Hi

     

    Can you post a desensitised version of your current irule?

     

  • See these pages, as they have all information about what you need:

    https://devcentral.f5.com/wiki/irules.class.ashx

    https://devcentral.f5.com/wiki/irules.http__header.ashx

    You need a datagroup to define the users IPs for the new service, and to add the header. Something like this, not tested, just copied from those solutions:

    when HTTP_REQUEST {
        if { [class match [IP::client_addr] equals "localusers_dg" ] } {
            HTTP::header insert "X-Forwarded-Proto" "https"
        }
    }
    
  • Here is the irule. The CLIENT_ACCEPTED part works perfect but the HTTP_REQUEST does not as I am still getting blocked content errors on the new site. I think the "Insert X-Forwarded-For" being enabled might be causing a problem but I cant remove it without breaking the current site.

     

    when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals xx.xx.xx.xx] } { pool New_WWW_Pool } } when HTTP_REQUEST { HTTP::header insert "X-Forwarded-Proto" "https"; }