Forum Discussion

Lukasz_01_15307's avatar
Lukasz_01_15307
Icon for Nimbostratus rankNimbostratus
Sep 16, 2016

f5 irules add headers

Hello, I'm trying to replace Nginx with f5, and I have a few headers I need to set in f5, but I'm not sure how... in nginx the config file looks like this:

  proxy_set_header X-Forwarded-Host       $host;
  proxy_set_header Host                   $http_host;
  proxy_set_header X-Real-IP              $remote_addr;
  proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto      $scheme;

Is there any way of replicating this in f5? I was hoping to do this through irule, as I alredy have an irule assigned to one VS that changes url and uri and passes it to corect node:

when HTTP_REQUEST {
if { not (([HTTP::path] starts_with "/api/") or ([HTTP::path] starts_with "/auth") )} { return }
set apiType [lindex [split [HTTP::path] "/"] 2]
if {([HTTP::path] starts_with "/auth") }{
    set newSubdomain access.uat.
    HTTP::header replace "Host" [string map [list "api-uat." $newSubdomain ] [HTTP::host]]
    HTTP::path [string map [list "/api/$apiType" "/access"] [HTTP::path]]
    log local0. "New Path [HTTP::host][HTTP::path]"
    virtual keycloak_vs
    node 172.17.1.104 8080
} else {
    log local0. "api type $apiType"
    append newSubdomain $apiType .uat.
    log local0. "New Subdomain $newSubdomain"
    HTTP::header replace "Host" [string map [list "api-uat." $newSubdomain ] [HTTP::host]]
    HTTP::path [string map [list "/api/$apiType" "/api"] [HTTP::path]]
    log local0. "New Path [HTTP::host][HTTP::path]"
}
unset newSubdomain
unset apiType
}

not sure what else to include to make it clear.... The basic process is: user goes to api-uat.example.com/api/access f5 changes this to access.uat.example.com/auth (user don't see this)

This takes user to the page with links, one of the links is "log in", and when user chooses it should go to

api-uat.example.com/api/access/....
however for some reason URL in the browser is changed to
access.uat.example.com/auth/...
which is not accessible externally...

I'm guessing that the problem is with missing proxy headers like I have them in nginx (which doesn't get the same problem)

Hope this is clear enough 🙂

  • Hi, I think you need to rewrite the response to the reverse logic, so internal goes to external address.

     

    See this: https://devcentral.f5.com/codeshare?sid=645

     

    Basically you would use a profile stream and HTTP_RESPONSE event, then rewrite the contents headers and body before to send to the end user.

     

    Regards.