Forum Discussion

breasoner_11658's avatar
breasoner_11658
Icon for Nimbostratus rankNimbostratus
Mar 02, 2012

Inserting WL-Proxy-SSL header via iRule

Hello -

 

 

 

I have an application that is a bit strange in the sense that certain pages require the "WL-Proxy-SSL: true" request header to display all elements on the page via SSL, but other pages on the site won't load with that header inserted. I am able to selectively remove the request header for the elements that won't use it, but there are about 25 of them as opposed to 4 elements that need the header. I have read everything that I can find regarding the HTTP::header insert string, but it just doesn't work for me. I'm running BIG-IP version 10.2.0 HF2. According to everything I've read, this should work! What am I missing?

 

 

Below is an excerpt of the current iRule:

 

 

Portal context

 

set portal_uri "/portal"

 

 

Layouts context

 

set layouts_uri "/_layouts"

 

 

Set Header information

 

set WLheader "WL-Proxy-SSL"

 

set WLheaderVal "true"

 

 

Retrieve the list of pools from the data group list

 

set clientPoolList [ findclass $host $DATA_GROUP_LIST " " ]

 

 

Route requests to Portal.

 

if { $uri starts_with $portal_uri }{

 

HTTP::header insert $WLheader $WLheaderVal

 

Identify the Portal pool

 

set portal_pool [getfield $clientPoolList " " 3]

 

log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri"

 

pool $portal_pool

 

return

 

 

} elseif { $uri starts_with $layouts_uri }{

 

HTTP::header insert $WLheader $WLheaderVal

 

log local0. "Inserting $WLheader: [HTTP::header value $WLheader]"

 

Identify the Portal pool

 

set portal_pool [getfield $clientPoolList " " 3]

 

log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri"

 

pool $portal_pool

 

return

 

 

 

 

 

 

 

application delivery
dev
devops
iRules

15 Replies

Sort By
Show More
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Mar 02, 2012
    As Joe said, your logs from the iRule show the value of the header. This log line:

     

     

    log local0. "Inserting $WLheader: [HTTP::header value $WLheader]"

     

     

    Logs the name and value:

     

     

    Mar 2 14:55:11 local/tmm info tmm[5150]: Rule QA-Portal-Shared-IP-plus-Jasper < HTTP_REQUEST >: Inserting WL-Proxy-SSL: true

     

     

    So can you clarify what the issue is? Is it that the other header logging rule doesn't show the header? If so, can you either make sure the logging rule is ordered after the rule which is doing the insert on the virtual server's resources tab? Or you can specify a priority for the logging rule to force it to run after the header insert rule.

     

     

    https://devcentral.f5.com/wiki/iRules.priority.ashx

     

     

    Aaron
  • breasoner_11658's avatar
    breasoner_11658
    Icon for Nimbostratus rankNimbostratus
    Mar 06, 2012
    I made sure the the logging rule is ordered last. The header isn't getting inserted. I think the only reason that the log entry is showing up in the logging for the irule is because I am foring it to show up in the log.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Mar 06, 2012
    It might be faster to open a support case on this so they can review the full virtual server definition and each iRule assigned. That said...

     

     

    If you log 'Inserting $WLheader: [HTTP::header value $WLheader]' and it shows the value 'true' that means the header has been inserted in the request which is sent to the pool member.

     

     

    How are you determining that the header isn't being inserted if the logging iRule shows the value? Are you checking a tcpdump of the serverside traffic, checking server logs or something else? A tcpdump of the serverside traffic should prove this out conclusively.

     

     

    Aaron
  • breasoner_11658's avatar
    breasoner_11658
    Icon for Nimbostratus rankNimbostratus
    Mar 09, 2012
    OK, so the mystery has been solved. As it turns out, I needed to insert the header in one additional place: 

    
 Route WFM requests to 3G Pool
    } elseif { $uri starts_with $wfm3g_wfm_uri }{
  HTTP::header insert $WLheader $WLheaderVal
log local0. "Inserting $WLheader: [HTTP::header value $WLheader]"
        set wfm3g_pool [getfield $clientPoolList " " 1]
        log local0.notice "Forwarding to WFM3G pool: $wfm3g_pool. Uri: $uri"
        pool $wfm3g_pool
      return

    So the reason that I wasn't seeing the header inserted in the other sections is that they weren't actually getting loaded since the header wasn't getting inserted in this section.

    Thanks for all of the help guys, it is much appreciated. Sorry if I wasted anyone's time.

    Brian.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Mar 09, 2012
    Nice work in figuring this out. I was confused by the symptoms :)

     

     

    Aaron