how to replace the address of the True-Client-ip header to x-forwarded-for header？

Question

I am having issues passing the True-Client-IP from AKAMAI.&nbsp;
They pass the end users IP via a variable called True-CLient-IP&nbsp;
Does anyone know an easy way to be able replace from True-Client-ip addr to X-Forwarded-for addr.&nbsp;
===&nbsp;
I want to replace from the address of the True-Client-ip to x-forwarded-for.
However, if the existing x-forwarded-for header, it is replace by overwriting,
If not, inserting the x-forwarded-for.&nbsp;
forexample)
&nbsp;
• True-Client-IP: 1.1.1.1         ==&gt;X-FORWARD-FOR: 1.1.1.1&nbsp;
&nbsp;
• True-Client-IP: 1.1.1.1 &amp; X-FORWARD-FOR: 2.2.2.2,3.3.3.3   ==&gt;X-FORWARD-FOR: 1.1.1.1&nbsp;
thank u&nbsp;

nitass · Answer

e.g.
 configuration

[root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  HTTP::header remove "X-Forwarded-For"
  HTTP::header insert "X-Forwarded-For" [HTTP::header "True-Client-IP"]
  HTTP::header remove "True-Client-IP"
}
}

test 1

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(39911) &lt;-&gt; 172.28.24.10(80)
1433154499.9974 (0.0196)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
True-Client-IP: 1.1.1.1

---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(39911) &lt;-&gt; 200.200.200.101(80)
1433154500.0255 (0.0263)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
X-Forwarded-For: 1.1.1.1

---------------------------------------------------------------

test 2

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(39912) &lt;-&gt; 172.28.24.10(80)
1433154537.6090 (0.0015)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
True-Client-IP: 1.1.1.1
X-Forwarded-For: 2.2.2.2,3.3.3.3

---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(39912) &lt;-&gt; 200.200.200.101(80)
1433154537.6109 (0.0016)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
X-Forwarded-For: 1.1.1.1

---------------------------------------------------------------

test 3

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(39913) &lt;-&gt; 172.28.24.10(80)
1433154588.4812 (0.0024)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*

---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(39913) &lt;-&gt; 200.200.200.101(80)
1433154588.4830 (0.0016)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
X-Forwarded-For:

---------------------------------------------------------------

nitass_89166 · Answer

e.g.
 configuration

[root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  HTTP::header remove "X-Forwarded-For"
  HTTP::header insert "X-Forwarded-For" [HTTP::header "True-Client-IP"]
  HTTP::header remove "True-Client-IP"
}
}

test 1

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(39911) &lt;-&gt; 172.28.24.10(80)
1433154499.9974 (0.0196)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
True-Client-IP: 1.1.1.1

---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(39911) &lt;-&gt; 200.200.200.101(80)
1433154500.0255 (0.0263)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
X-Forwarded-For: 1.1.1.1

---------------------------------------------------------------

test 2

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(39912) &lt;-&gt; 172.28.24.10(80)
1433154537.6090 (0.0015)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
True-Client-IP: 1.1.1.1
X-Forwarded-For: 2.2.2.2,3.3.3.3

---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(39912) &lt;-&gt; 200.200.200.101(80)
1433154537.6109 (0.0016)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
X-Forwarded-For: 1.1.1.1

---------------------------------------------------------------

test 3

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(39913) &lt;-&gt; 172.28.24.10(80)
1433154588.4812 (0.0024)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*

---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(39913) &lt;-&gt; 200.200.200.101(80)
1433154588.4830 (0.0016)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
X-Forwarded-For:

---------------------------------------------------------------

rocket-boy_1877 · Answer

Hi nitass,

Thank u for your quick reply
it's so simple!

i will test this iRule

BR

rocket-boy_1877 · Answer

Hi nitass,

Thank u for your quick reply
it's so simple!

i will test this iRule

BR

Forum Discussion

how to replace the address of the True-Client-ip header to x-forwarded-for header？

4 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

X-Forwarded-For on L4 VS

TCP Option 28 X-Forwarded-For Header

Extracting X-Forwarded-For in Node.js

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

Akamai True-Client-IP Header Persistence