X-Forward Remove

Question

Hi, I am trying to write an irule for a vip were we have a http profile assigned and x-forward is enabled but for specific traffic going to that VIP we would like to remove the x-forward and see true client ip and have reach nodes on pool. Can someone give me a an example on how to accomplish this?

rsacheen · Answer

What kind of traffic do you mean by specific traffic? How about this simple example..&nbsp;
if { condition for your specific traffic } {  &nbsp;
        log local0. "some log message [IP::client_addr]:[TCP::client_port]"&nbsp;
        pool your_pool&nbsp;
      }&nbsp;
The above log will help you track the client IP from where the specific traffic originated.
The next line will direct the traffic to your desired pool.
Sorry if my answer doesn't serve your purpose.&nbsp;

rsacheen_310098 · Answer

What kind of traffic do you mean by specific traffic? How about this simple example..&nbsp;
if { condition for your specific traffic } {  &nbsp;
        log local0. "some log message [IP::client_addr]:[TCP::client_port]"&nbsp;
        pool your_pool&nbsp;
      }&nbsp;
The above log will help you track the client IP from where the specific traffic originated.
The next line will direct the traffic to your desired pool.
Sorry if my answer doesn't serve your purpose.&nbsp;

rsacheen_310098 · Answer

If you are trying to remove Header X-Forward-for, this might help
when HTTP_REQUEST {
HTTP::header remove X-Forwarded-For

}
write some condition for your specific traffic inside the when {}

rsacheen · Answer

If you are trying to remove Header X-Forward-for, this might help
when HTTP_REQUEST {
HTTP::header remove X-Forwarded-For

}
write some condition for your specific traffic inside the when {}

dragonflymr · Answer

Hi,&nbsp;
Depends what is exact scenario, is that like:
1. Most of the traffic - add XFF header via VS HTTP profile, use SNAT to change source IP before sending to pool members
2. For some traffic - remove XFF added by VS, disable SNAT so real client source IP is preserved when sending to pool members - in this case pool member will have def gateway set to BIG-IP self IP, if not return traffic will not go back via BIG-IP&nbsp;
If not what exactly is your case?&nbsp;
Piotr&nbsp;

Forum Discussion

X-Forward Remove

6 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

X-Forwarded-For on L4 VS

TCP Option 28 X-Forwarded-For Header

Extracting X-Forwarded-For in Node.js

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

X-FORWARDED header in WAF