How to reverse the values in the X-Forwarded-For Header
Information
Summary: This article will cover how to reverse the values in the X-Forwarded-For header in the event multiple values are present.
Environment: Product: LoadMaster; Version: Any; Platform: Any; Application: Any
Question/Problem Description:
What is the difference between this option and "X-Forwarded-For (No Via)"? From the docs, I think the "X-Forwarded-For (+ Via)" adds the IP address of the Kemp LoadMaster (the reverse proxy) in the header. I am asking about these options because we recently found an IPv6 address in our IIS log files for this header (X-Forwarded-For). For the request, there were two IP addresses in that header. The first one was the IPv6 and the second one was the IPv4 of the client. We have a script that interprets the first IP address in this header (X-Forwarded-For). Since it wasn't prepared for IPv6 addresses, it crashed and we had to adapt it. Is there some way to change the order of the IP addresses recorded in that header? Maybe with selecting another choice in the X-Forwarded-For options?
Steps to Reproduce: Connect through a proxy on the way to the Virtual Service.
Cause: The X-Forwarded-For header contains multiple values when the client connects through a proxy server prior to connecting to the Virtual Service.
Resolution:
Navigate to Rules & Checking > Content Rules > Create New. Name the rule, set the Rule Type to Replace Header, set the Match String to /(.*),+(.*)/, and set the Value of header field to be replaced to \2,+\1.

Note: if there are more than two IPs present in this header, an additional ,+(.*) should be added to the Match String. Each (.*) represents any value that would precede or succeed ,+, including the possibility of values other than IP addresses.

Ordering is important in the above syntax. Each number preceded by a \ refers to the position of a set of parentheses in the Match String. These are called capture groups in regular expressions. The first capture group is referenced in the Value of header field to be replaced as \1, the second capture group as \2, and so on.

When the Content Rule has been created, navigate to Virtual Services > View/Modify Services > modify the desired Virtual Service > if applicable, modify the desired SubVS within the SubVSs tab > Advanced Properties > HTTP Header Modifications > Request Rules > select and apply your newly created rule. Please note that for the Advanced Properties fields to appear on a Virtual Service listening on port 443, SSL Acceleration must be enabled.

Once applied, the order of the X-Forwarded-For header will be rearranged as it arrives at the real server(s).
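
The capture-group behaviour described in the Resolution, as an added Python example (not Kemp's code). build_rule and simulate are hypothetical helpers, Python's re module stands in for the LoadMaster regex engine, the three-value replacement \3,+\2,+\1 is an assumption that follows the \1, \2 numbering above, and the header values are constructed. It shows what the two-group rule does to a three-value header, which is why the additional ,+(.*) is needed.

```python
import re

# Constructed sample header values (documentation address ranges).
TWO = "2001:db8::1, 203.0.113.7"
THREE = "2001:db8::1, 198.51.100.9, 203.0.113.7"

def build_rule(n):
    """Return (match_string, replacement) for reversing n values,
    written in the same syntax the article uses for n = 2."""
    if n < 2:
        raise ValueError("need at least two values to reverse")
    match = "/" + ",+".join(["(.*)"] * n) + "/"
    # Assumption: back-references extend as \3,+\2,+\1 for more groups.
    repl = ",+".join("\\%d" % i for i in range(n, 0, -1))
    return match, repl

def simulate(match_string, header):
    """Return what each capture group holds, in reversed order.

    Python's re is used as a stand-in for the appliance's engine.
    None means the Match String did not match, so a Replace Header
    rule would leave the header as it arrived.
    """
    m = re.search(match_string.strip("/"), header)
    if m is None:
        return None
    return [g.strip() for g in reversed(m.groups())]

if __name__ == "__main__":
    for n in (2, 3):
        match, repl = build_rule(n)
        print("Match String:", match, " Value:", repl)
        for header in (TWO, THREE):
            print("  %-45s -> %s" % (header, simulate(match, header)))
```

With the two-group rule and three values, the greedy first (.*) captures the first two addresses as one unit, so only the last value moves to the front and the rest keep their original order.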
Workaround: Remove the proxy server between the client and the Virtual Service.