Forum Discussion

BaltoStar_12467's avatar
May 27, 2015

F5 BIG-IP : SSL::disable serverside drops X-Forwarded-Proto ?

F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi

My site has a VIP that handles SSL traffic ( port 443 )

The corresponding virtual-server is assigned an HTTP profile that inserts

X-Forwarded-Proto:https

To this virtual-server I recently added an iRule that in the

HTTP_REQUEST
event conditionally disables SSL via
SSL::disable serverside

Is it possible that disabling SSL server-side causes F5 to drop the

X-Forwarded-Proto
header ? or change its value from
https
to
http
?

I ask because I'm seeing traffic arrive at destination web-server missing the

X-Forwarded-Proto
header.

  • Greg_Chew_31149's avatar
    Greg_Chew_31149
    Historic F5 Account

    John,

     

    I got this from https://devcentral.f5.com/questions/x-forwarded-proto-assistance

     

    If you want to insert this header and the client SSL profile only allows SSL requests (Non-SSL Connections is not enabled) then you can configure a custom HTTP profile with 'Header Erase' set to X-Forwarded-Proto and 'Header Insert' set to 'X-Forwarded-Proto: https'. This ensures that any existing X-Forwarded-Proto headers are removed and a new X-Forwarded-Proto header with a value of https is inserted.