CloudFlare and F5 LTM X-Forwarded-For and X-Forwarded-Proto

If you want an application (such as Hippo) be able to determine what page is served with what protocol (http/https), you must insert an HTTP header when using a Apache ProxyPass.

When you use CloudFlare, the correct headers are inserted by default.

When you use an F5 loadbalancer, or in fact any loadbalancer or proxy, you must tell the loadbalancer to insert these two headers:

When you use a combination of the two, you have to make the loadbalancer a little smarter; it must detect if the header is present and add the header if not. That can be done by iRules.

The first iRule is to add "X-Forwarded-For" to the header:

when HTTP_REQUEST {
if {![HTTP::header exists X-Forwarded-For]}{
HTTP::header insert X-Forwarded-For [IP::remote_addr]
}
}

The second one is a bit more complex; it needs to verify if the X-Forwarded-Proto is available, and if not, add it, but based on it's original request to either port 80 (http) or port 443 (https):

when HTTP_REQUEST {
if {![HTTP::header exists X-Forwarded-Proto]}{
if {[TCP::local_port] equals 80}{
HTTP::header insert X-Forwarded-Proto "http"
} elseif {[TCP::local_port] equals 443}{
HTTP::header insert X-Forwarded-Proto "https"
}
}
}

Add these two iRules to your Virtual Service and with or without CloudFlare (or any other CDN) and your application can find the two headers to decide how to rewrite traffic.

Comments

Download movies like never

Download movies like never before with one of the best app over internet get your Showbox now !!!!
http://theshowbox.org/

Download movies like never

Download movies like never before with one of the best app over internet get your Showbox now !!!!
showbox apk

I have read on other site

I have read on other site that CloudFlare does append both X-Forwarded-For and X-Forwarded-Proto headers. You are amazing. You have cleared my concept about this topic! http://www.midnightessays.com/buy-cheap-research-paper

I have read on other site

I have read on other site that CloudFlare does append both X-Forwarded-For and X-Forwarded-Proto headers. You are amazing. You have cleared my concept about this topic!

I have been reading out a

I have been reading out a quantity of your articles and it is lovely stuff. I will certainly bookmark your site. SEX CLUBS

F5 loadbalancer is a great

F5 loadbalancer is a great application. I will definitely use it soon. Check my website to read more interesting information

useful

useful

Your article has some

Your article has some heavy-duty information. That being said, it's still easy to understand, alluring and sensible. It takes an excellent writer with great instincts to write content like this. Thank you for sharing this. sports betting

Ranveer singh's electricity

Ranveer singh's electricity and kapil sharma's comic expertise makes for one befikre episode of the kapilsharmashowfans.com. However wait a minute, why everyone is dressed as mastani from ranveer and deepika padukone's film bajirao mastani? Well, maybe ranveer singh become missing someone unique at the show

Get to know some unknown

Get to know some unknown facts about theapp then you can visit our website.
Hotstar apk
OGYoutube APK

About Consultancy Articles Contact




References Red Hat Certified Architect By Robert de Bock Robert de Bock
Curriculum Vitae By Fred Clausen +31 6 14 39 58 72
By Nelson Manning [email protected]