Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

How to reverse the values in the X-Forwarded-For Header





This article will cover how to reverse the values in the X-Forwarded-For header in the event multiple values are present.


Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

What is the difference between this option and "X-Forwarded-For (No Via)" ?

Is there some way to change the order of the IP adresses recorded in that header ? Maybe with selecting another choice in the X-Forwarded-For options ?

Steps to Reproduce: Connect through a proxy on the way to the Virtual Service.
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: The X-Forwarded-For header contains multiple values when the client connects through a proxy server prior to connecting to the Virtual Service.

Navigate to Rules & Checking > Content Rules > Create New. Name the rule, set the Rule Type to Replace Header, set the Match String to /(.*),+(.*)/, and set the Value of header field to be replaced to \2,+\1.

Note, if there are more than two IPs present in this header, an additional ,+(.*) should be added to the Match String.


Each (.*) represents any value that would precede or succeed ,+, including the possibility of values other than IP addresses.

Ordering is important in the above syntax. Each number coupled with a preceding \ represents the position in the set of parenthesis in the Match String syntax. These are called capture groups in the RegEx language. The first capture group corresponds in the Value of header field to be replaced as \1, with the second capture group represented by \2, etc.

When the Content Rule has been created, navigate to Virtual Services > View/Modify Services > modify the desired Virtual Service > if applicable, modify the desired SubVS within the SubVSs tab > Advanced Properties > HTTP Header Modifications > Request Rules > select and apply your newly created rule. Please note, in order for the Advanced Properties fields to appear on a Virtual Service listening on port 443, SSL Acceleration will need to be enabled


Once applied, the order of the X-Forwarded-For header will be rearranged as it arrives at the real server(s).

Workaround: Remove the proxy server between the client and the Virtual Service.

Was this article helpful?
0 out of 0 found this helpful