Hi Ckato,
you may use the iRule below as a starting point...
when HTTP_REQUEST {
    # Sanitize every instance of the given headers before inserting (the most secure way)
    HTTP::header remove WL-Proxy-Client-IP
    HTTP::header remove WL-Proxy-SSL
    HTTP::header remove X-Forwarded-For
    HTTP::header remove X-Forwarded-SRC_Port
    HTTP::header remove X-Forwarded-DEST_IP
    HTTP::header remove X-Forwarded-DEST_Port
    # Inserts the additional inbound headers
    HTTP::header insert WL-Proxy-Client-IP [IP::client_addr]
    HTTP::header insert WL-Proxy-SSL True
    HTTP::header insert X-Forwarded-For [IP::client_addr]
    HTTP::header insert X-Forwarded-SRC_Port [TCP::client_port]
    HTTP::header insert X-Forwarded-DEST_IP [IP::local_addr]
    HTTP::header insert X-Forwarded-DEST_Port [TCP::local_port]
}
when HTTP_RESPONSE {
    # Inserts the additional outbound headers
    HTTP::header insert WL-Proxy-Client-IP [IP::client_addr] ;# is this really a requirement?
    HTTP::header insert WL-Proxy-SSL True ;# is this really a requirement?
    HTTP::header insert X-Forwarded-For [IP::client_addr] ;# is this really a requirement?
    HTTP::header insert X-Forwarded-SRC_Port [TCP::client_port] ;# is this really a requirement?
    # Inserts the additional cookie
    HTTP::header insert Set-Cookie "DWP-SLB-Session=[IP::client_addr]:[TCP::client_port]:[IP::local_addr]:[TCP::local_port]; path=/"
    # Rewriting the location headers
    if { [HTTP::header value Location] starts_with "http://" } then {
        HTTP::header replace Location "https[string range [HTTP::header value Location] 4 end]"
    }
}
For further information on the HTTP::header command take a look at...
https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx?lc=1
Note: The X-Forwarded-For header insert could be done using the HTTP profile, too. But I included it for streamlined configuration...
Note2: Review your response headers. I dunno why you insert all the IP addresses into every response. What's the intention behind it?
Note3: The Set-Cookie could be tuned with an additional "Secure" and "HttpOnly" flag, so that the cookie could be accessed by browsers-only while using HTTPS-only.
Cheers, Kai
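
A variant of the request-side sanitizing in the iRule above that also logs when a client supplies one of the proxy-only headers, so spoofing attempts show up in the BIG-IP log before the values are discarded. This is an added example, not part of Kai's post; the variable name static::trusted_headers and the log wording are assumptions, and the cookie line adds the Secure and HttpOnly flags mentioned in Note3.

```tcl
when RULE_INIT {
    # Headers that only the proxy may set (same names as in the iRule above).
    # static::trusted_headers is a name chosen for this example.
    set static::trusted_headers {
        WL-Proxy-Client-IP
        WL-Proxy-SSL
        X-Forwarded-For
        X-Forwarded-SRC_Port
        X-Forwarded-DEST_IP
        X-Forwarded-DEST_Port
    }
}
when HTTP_REQUEST {
    foreach name $static::trusted_headers {
        if { [HTTP::header exists $name] } {
            # The client sent a header the backend would trust: record who sent
            # it and what it contained, then drop every instance of it.
            log local0. "Client [IP::client_addr] supplied $name: [HTTP::header values $name]"
            HTTP::header remove $name
        }
    }
    # Only now insert the values the proxy itself has observed
    HTTP::header insert WL-Proxy-Client-IP [IP::client_addr]
    HTTP::header insert WL-Proxy-SSL True
    HTTP::header insert X-Forwarded-For [IP::client_addr]
    HTTP::header insert X-Forwarded-SRC_Port [TCP::client_port]
    HTTP::header insert X-Forwarded-DEST_IP [IP::local_addr]
    HTTP::header insert X-Forwarded-DEST_Port [TCP::local_port]
}
when HTTP_RESPONSE {
    # Same cookie as above, with the Secure and HttpOnly flags from Note3
    HTTP::header insert Set-Cookie "DWP-SLB-Session=[IP::client_addr]:[TCP::client_port]:[IP::local_addr]:[TCP::local_port]; path=/; Secure; HttpOnly"
}
```

Clients that sit behind another forwarding proxy legitimately send X-Forwarded-For, so expect log entries for that header from ordinary traffic; the WL-Proxy-* entries are the ones worth alerting on.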