Hi ,
you could either insert the
X-Forwarded-For
header just on the first HA pair and disable the
X-Forwarded-For
insertation on the second HA pair (see HTTP Profile options).
Alternatively you can use the following iRule on the second unit to consolidate multiple
X-Forwarded-For
's into a single header.
when HTTP_REQUEST {
if { [set x_forwarded [HTTP::header values "X-Forwarded-For"]] ne "" } then {
HTTP::header remove "X-Forwarded-For"
HTTP::header insert "X-Forwarded-For" "[join $x_forwarded ", "], [getfield [IP::client_addr] "%" 1]"
} else {
HTTP::header insert "X-Forwarded-For" "[getfield [IP::client_addr] "%" 1]"
}
}
The iRule will collect any existing X-Forwarded-For header values, then remove any existing X-Forwarded-For headers and finally create a new one with the collected values + the current "X-Forwarded-For" value. E.g.:
Incomming HTTP request headers:
GET / HTTP/1.1
Host: site.domain.de
...
X-Forwarded-For: 1.1.1.1
X-Forwarded-For: 2.2.2.2, 3.3.3.3
X-Forwarded-For: 4.4.4.4
Outgoing HTTP request headers
GET / HTTP/1.1
Host: site.domain.de
...
X-Forwarded-For: 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5
Note: When using the iRule on your second HA pair, then make sure to disable the automatic X-Forwarded-For insert option in your HTTP profile on those devices. The insert will be already handled by this iRule...
Cheers, Kai