CloudFlare and F5 LTM X-Forwarded-For and X-Forwarded-Proto

If you want an application (such as Hippo) be able to determine what page is served with what protocol (http/https), you must insert an HTTP header when using a Apache ProxyPass.

When you use CloudFlare, the correct headers are inserted by default.

When you use an F5 loadbalancer, or in fact any loadbalancer or proxy, you must tell the loadbalancer to insert these two headers:

When you use a combination of the two, you have to make the loadbalancer a little smarter; it must detect if the header is present and add the header if not. That can be done by iRules.

The first iRule is to add "X-Forwarded-For" to the header:

when HTTP_REQUEST {
if {![HTTP::header exists X-Forwarded-For]}{
HTTP::header insert X-Forwarded-For [IP::remote_addr]
}
}

The second one is a bit more complex; it needs to verify if the X-Forwarded-Proto is available, and if not, add it, but based on it's original request to either port 80 (http) or port 443 (https):

when HTTP_REQUEST {
if {![HTTP::header exists X-Forwarded-Proto]}{
if {[TCP::local_port] equals 80}{
HTTP::header insert X-Forwarded-Proto "http"
} elseif {[TCP::local_port] equals 443}{
HTTP::header insert X-Forwarded-Proto "https"
}
}
}

Add these two iRules to your Virtual Service and with or without CloudFlare (or any other CDN) and your application can find the two headers to decide how to rewrite traffic.

Comments

Ranveer singh's electricity

Ranveer singh's electricity and kapil sharma's comic expertise makes for one befikre episode of the kapilsharmashowfans.com. However wait a minute, why everyone is dressed as mastani from ranveer and deepika padukone's film bajirao mastani? Well, maybe ranveer singh become missing someone unique at the show

WifiKill APK is basically a

WifiKill APK is basically a wifi network controller app. It can disable the internet connection of other devices connected to the same wifi network. It is a very usefull tool for wifi internet users - using which you can cut other people off form a common wifi network and allocate all the bandwidth to yourself. The app is for Android only and it requires root access.

I might want to value your

I might want to value your diligent work you wrote this post, Thanks for sharing this profitable post help for writing essays.

Get all information related

Get all information related to aadhar card on Eaadharcardstatus.in like , online status, list of documents for identity and many more information here.
https://eaadharcardstatus.in/

This is really something

This is really something brilliant. Thanks for posting!!

Pokemesh app download

Such brilliant. I did learn a

Such brilliant. I did learn a very important information that I could use. - Mark Zokle

About Consultancy Articles Contact




References Red Hat Certified Architect By Robert de Bock Robert de Bock
Curriculum Vitae By Fred Clausen +31 6 14 39 58 72
By Nelson Manning [email protected]