Forum Discussion

webber_140294's avatar
webber_140294
Icon for Nimbostratus rankNimbostratus
Dec 20, 2013

Irule to strip header Xforwarded ssh/sftp

I have an Irule that strips out the xforwarded header information and passes the client IP to our servers instead of the F5 IP. I would like to set up an Irule to strip header Xforwarded for ssh/sftp requests. Has anyone tried this before or know of a link? I have searched dev central with no luck. Thanks in advance

 

3 Replies

  • X-Forwarded-For is an HTTP header. There is no equivalent header capability in SSH/SFTP. You could possibly add it to a TCP Options, but you would then need a way to extract it at the SSH/SFTP server. This would be in no way as simple as working with HTTP headers.

     

    Eric

     

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account

    As Eric said, it would be...possible, I suppose, but absolutely horrendous. Not only would you have to somehow decrypt the protocol but you'd than have to actually scan each packet to look for the data you want to drop. The reason that HTTP headers are so easy to manipulate/drop within iRules is because we have custom profiles that are built into the system to process and expose those to you via iRules (or other means). If there are specific features you need or would like added to do similar things with other protocols, we definitely want to hear about it. You should post here as well as let your sales rep know what it is you're looking for and why. The more data we get about people trying to do things we can't quite support currently, the more chance there is that we can grow our functionality.

     

    Thanks! -Colin

     

    • webber_140294's avatar
      webber_140294
      Icon for Nimbostratus rankNimbostratus
      Colin thanks for the reply I know my response is delayed but this helps