Forum Discussion

Lloyd_Carter's avatar
Lloyd_Carter
Icon for Nimbostratus rankNimbostratus
May 21, 2024

HTTP Header Rewrite - X-Forwarded-Proto

Hi All,

I have an issue wherein our client has added a new data source, which is traversing a load balancer before it reaches us. The clients Load Balancer is inserting X-Forwarded-Proto: HTTPS to the header. The Virtual Server on our side is also inserting X-Forwarded-Proto: HTTPS, which results in the header looking like this:

X-Forwarded-Proto: https, https

 

Our web servers are not happy with this and are dropping the traffic with a 403 error.

Client have advised that they cannot fix this on their side, and we need to fix it on our side. I am reluctant to make any changes to working existing traffic, and we need the X-Forwarded-Proto: HTTPS 

My plan was to add an iRule to modify the headers to correct the error, but only for the source that's failing, identifying the traffic using the Client IP. 

Here is the iRule I was planning to use. Can anyone advise if this approach will work theoretically, and if my iRule looks correct?

when HTTP_REQUEST {
    if {![class match [IP::client_addr] equals ip_group]} {
        HTTP::header replace "X-Forwarded-Proto" "https"
    }
}


Thanks in advance.

  • iRule looks fine.  Make sure Request Header Insert option under HTTP profile is disabled for X-Forwarded-Proto. So that it doesn't duplicate it. 

  • Thanks Sanjay for having a look and for the tip. I'll make sure that's disabled.