irule for x forwarder

Question

We have virtual server with wildcard certificate installed , like *apps.abc.com . I need have x forwarder enabled when there is request for name1.apps.abc.com , Similarly I need to disable x forwarder when there is request for name2.apps.abc.com . Is this feasible with IRULE . kindly comment on this .

kai_wilke · Answer

Hi Santhoshkumar,
you may try the iRule below...
when HTTP_REQUEST {
    set low_hostname [string tolower [HTTP::host]]
    if { ( $low_hostname eq "name1.apps.abc.com" ) or 
         ( $low_hostname eq "nameX.apps.abc.com" ) } then {
         Site requires X-Forwarded-For headers. Adding the X-Forwarded-For header to request... 
        HTTP::header insert "X-Forwarded-For" [getfield [IP::client_addr] "%" 1]
    } else { 
         Do nothing. Site doesn't require X-Forwarded-For header to be present...
    }
}

Cheers, Kai

santhoshkumar_s · Answer

Hi Kai , 
 Thanks for your response on this , I have multiple FQDN { eg 10 No's}  which need X forwarder only one FDQN which doesn't need to X forwarder . How we can achieve this . Kindly advise . Thanks &nbsp;

kai_wilke · Answer

Hi Santhoshkumar,&nbsp;you may change the code to not insert the X-Forwarded-For header for a specific HTTP::host value (e.g. name2.apps.abc.com) and then insert the header on every other request...&nbsp;when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] eq "name2.apps.abc.com" } then {
         Do nothing. Site doesn't require X-Forwarded-For header to be present...
    } else { 
         Site requires X-Forwarded-For header. Adding the X-Forwarded-For header to request... 
        HTTP::header insert "X-Forwarded-For" [getfield [IP::client_addr] "%" 1]
    }
}Cheers, Kai&nbsp;

yann_desmarest · Answer

Hi,
You can also use switch or a datagroup :
using SWITCH :
    when HTTP_REQUEST {
        switch [HTTP::host] {
            "name1.apps.abc.com" - 
            "namex.apps.abc.com" {
                 HTTP::header remove "X-Forwarded-For"
                 or do nothing
            }
            default {
                HTTP::header insert "X-Forwarded-For" [getfield [IP::client_addr] "%" 1]
            }
        }
    }

Using DATAGROUPS
    when HTTP_REQUEST {
        if { [class match [HTTP::host] contains X_FORWARD_HOST] } {
            HTTP::header insert "X-Forwarded-For" [getfield [IP::client_addr] "%" 1]
        } else {
             HTTP::header remove "X-Forwarded-For"
             or do nothing
        }
    }

Once you know the logic of those commands, you can choose the way you want to manage your exceptions.

yann_desmarest_ · Answer

Hi,
You can also use switch or a datagroup :
using SWITCH :
    when HTTP_REQUEST {
        switch [HTTP::host] {
            "name1.apps.abc.com" - 
            "namex.apps.abc.com" {
                 HTTP::header remove "X-Forwarded-For"
                 or do nothing
            }
            default {
                HTTP::header insert "X-Forwarded-For" [getfield [IP::client_addr] "%" 1]
            }
        }
    }

Using DATAGROUPS
    when HTTP_REQUEST {
        if { [class match [HTTP::host] contains X_FORWARD_HOST] } {
            HTTP::header insert "X-Forwarded-For" [getfield [IP::client_addr] "%" 1]
        } else {
             HTTP::header remove "X-Forwarded-For"
             or do nothing
        }
    }

Once you know the logic of those commands, you can choose the way you want to manage your exceptions.

Forum Discussion

irule for x forwarder

Recent Discussions

iRule command to allow IP range to access specific URL

When user goes through LB the server page has stripped information

HIGHLY RECOMMENDED LOST CRYPTOCURRENCY RECOVERY SERVICE/ DIGITAL TECH GUARD RECOEVRY

Help with an I-rule rewrite

When adding new GTM(DNS) to the existing group, if software version is not same, what will happen?

Related Content

Universal Persistence with X-forwarder

Need help - Configure forwarding proxy chain

About client profile (apm-forwarding-client-tcp)

iRule to forward to subsites

iRULE regsub error