Forum Discussion

ckato
Jan 12, 2016

How to convert Cisco ACE header rewrites to F5

How to convert Cisco ACE header rewrites to F5? How to write the iRule for the following:

 

    action-list type modify http HTTPS_REWRITE
      header insert both WL-Proxy-Client-IP header-value "%is"
      header insert both X-Forwarded-For header-value "%is"
      header insert both X-Forwarded-SRC_Port header-value "%ps"
      header insert request X-Forwarded-DEST_IP header-value "%id"
      header insert request X-Forwarded-DEST_Port header-value "%pd"
      header insert response Set-Cookie header-value "DWP-SLB-Session=%is:%ps:%id:%pd; path=/"
      header insert both WL-Proxy-SSL header-value "True"
      header rewrite response Location header-value "http:(.)" replace "https:%1"

    ssl url rewrite location "."

 

1 Reply

  • Hi Ckato,

    you may use the iRule below as a starting point...

    when HTTP_REQUEST {

        # Sanitize every instance of the given headers before inserting (the most secure way)
        HTTP::header remove WL-Proxy-Client-IP
        HTTP::header remove WL-Proxy-SSL
        HTTP::header remove X-Forwarded-For
        HTTP::header remove X-Forwarded-SRC_Port
        HTTP::header remove X-Forwarded-DEST_IP
        HTTP::header remove X-Forwarded-DEST_Port

        # Inserts the additional inbound headers
        HTTP::header insert WL-Proxy-Client-IP [IP::client_addr]
        HTTP::header insert WL-Proxy-SSL True
        HTTP::header insert X-Forwarded-For [IP::client_addr]
        HTTP::header insert X-Forwarded-SRC_Port [TCP::client_port]
        HTTP::header insert X-Forwarded-DEST_IP [IP::local_addr]
        HTTP::header insert X-Forwarded-DEST_Port [TCP::local_port]

    }
    when HTTP_RESPONSE {

        # Inserts the additional outbound headers
        HTTP::header insert WL-Proxy-Client-IP [IP::client_addr]    ;# is this really a requirement?
        HTTP::header insert WL-Proxy-SSL True                       ;# is this really a requirement?
        HTTP::header insert X-Forwarded-For [IP::client_addr]       ;# is this really a requirement?
        HTTP::header insert X-Forwarded-SRC_Port [TCP::client_port] ;# is this really a requirement?

        # Inserts the additional cookie
        # HTTP_RESPONSE runs in the server-side context, so the virtual server
        # address and port are read through the clientside command
        HTTP::header insert Set-Cookie "DWP-SLB-Session=[IP::client_addr]:[TCP::client_port]:[clientside {IP::local_addr}]:[clientside {TCP::local_port}]; path=/"

        # Rewriting the location headers
        if { [HTTP::header value Location] starts_with "http://" } then {
            HTTP::header replace Location "https[string range [HTTP::header value Location] 4 end]"
        }

    }
    

    For further information on the HTTP::header command take a look at... https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx?lc=1

    Note: The X-Forwarded-For header insert could be done using the HTTP profile, too. But I included it for streamlined configuration...

    Note2: Review your response headers. I don't know why you insert all the IP addresses into every response. What's the intention behind it?

    Note3: The Set-Cookie could be tuned with an additional "Secure" and "HttpOnly" flag, so that the cookie could be accessed by browsers-only while using HTTPS-only.

    Cheers, Kai
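
A check for the converted virtual server after cutover, as an added example (not part of the reply above and not F5 code): it parses a request as captured on the backend and a response as captured at the client, and reports proxy headers that are missing or duplicated, a `Location` still pointing at `http://`, and a session cookie lacking the flags from Note3. The function names and the capture text are assumptions constructed for illustration.

```python
# Added example: audit captured headers against the header policy of the iRule above.
# Request headers the iRule removes and re-inserts; the backend must see each exactly once.
TRUSTED = ["WL-Proxy-Client-IP", "WL-Proxy-SSL", "X-Forwarded-For",
           "X-Forwarded-SRC_Port", "X-Forwarded-DEST_IP", "X-Forwarded-DEST_Port"]
COOKIE = "DWP-SLB-Session"

def parse_headers(raw):
    """Map lowercased header name -> list of values; the start line is skipped."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit_request(raw):
    """Findings for a request as captured on the backend server."""
    headers = parse_headers(raw)
    findings = []
    for name in TRUSTED:
        count = len(headers.get(name.lower(), []))
        if count != 1:  # 0 = insert missing, >1 = a client-supplied copy survived
            findings.append(f"{name}: expected 1 instance, saw {count}")
    return findings

def audit_response(raw):
    """Findings for a response as captured at the client."""
    headers = parse_headers(raw)
    findings = []
    for location in headers.get("location", []):
        if location.lower().startswith("http://"):
            findings.append(f"Location not rewritten: {location}")
    for cookie in headers.get("set-cookie", []):
        if cookie.startswith(COOKIE + "="):
            attrs = {part.strip().lower() for part in cookie.split(";")[1:]}
            findings += [f"{COOKIE} missing {flag}"
                         for flag in ("secure", "httponly") if flag not in attrs]
    return findings

# Constructed captures (documentation-range addresses), not real traffic.
SAMPLE_REQUEST = ("GET /app HTTP/1.1\nHost: app.example\nX-Forwarded-For: 198.51.100.9\n"
    "WL-Proxy-Client-IP: 203.0.113.7\nWL-Proxy-SSL: True\nX-Forwarded-For: 203.0.113.7\n"
    "X-Forwarded-SRC_Port: 51514\nX-Forwarded-DEST_IP: 192.0.2.10\n")
SAMPLE_RESPONSE = ("HTTP/1.1 302 Found\nLocation: http://app.example/login\n"
    "Set-Cookie: DWP-SLB-Session=203.0.113.7:51514:192.0.2.10:443; path=/\n")

if __name__ == "__main__":
    for finding in audit_request(SAMPLE_REQUEST) + audit_response(SAMPLE_RESPONSE):
        print(finding)
```

An empty result from both functions means the capture matches the policy; the constructed samples deliberately contain a surviving client-supplied `X-Forwarded-For`, a missing `X-Forwarded-DEST_Port`, an unrewritten redirect and a cookie without flags.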