iRule for Swapping XFF with Something Custom(Microsoft)

Question

What is the syntax for a simple iRule that takes a standard X-Forwarded-For header and rewrites it to a different header name. I have a WAF in front of an LTM, which is in front of an ADFS Proxy environment, which does not use the XFF header, but uses instead "X-MS-Forwarded-Client-IP". The WAF will send a standard XFF header, but then I need the f5 to rewrite it to something the ADFS Proxies can parse.

Example, f5 will receive:

X-Forwarded-For: 1.1.1.1

I then want the f5 to rewrite to:

X-MS-Forwarded-Client-IP: 1.1.1.1

Thanks all in advance for your help!

wralon · Answer

I have tried the following, but it does not seem to be working....

when HTTP_REQUEST {

if {[HTTP::header exists X-Forwarded-For]}{

HTTP::header insert X-MS-Forwarded-Client-IP [HTTP::header X-Forwarded-For]

} else {

HTTP::header insert X-MS-Forwarded-Client-IP [IP::client_addr]

}

ryank5589 · Answer

Hey, I was wondering if there was ever a resolution to this issue? I am also running into the same issue where I need to see the X-MS-Forwarded-Client-IP due to the traffic going to the ADFS proxy environment and it not being able to accept the XFF.

Forum Discussion

iRule for Swapping XFF with Something Custom(Microsoft)

2 Replies

Recent Discussions

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Related Content

Knowledge sharing: High CPU/Memory/Swap investigation/troubleshooting

APM RDP Access not working - I'm sure I'm missing something!

iRule TCL: if 'something' in 'list' then, syntax/parser error

Why SDN (or something like it) was Inevitable: Service Velocity

Can we swapped VIPs ip addresses in F5 ?