add X-Forwarded-Host to RS request

what would be the internal variable kemp uses for the incoming client hostname?

we have an application that needs to see the client's hostname in the X-Forwarded-Host header.

the X-Forwarded-For header as well as the others don't work for this.

 

using the Copy or add header options in the VS don't seem to work when copying the 'host' header to this.

 

the application is still seeing the VIP of the VS.

0

7 comments

Avatar

Francis Tam

Hi Tal,

You can try this

Navigate to Virtual Services --> View/Modify Services. Select the required VS you want to added this header.
In the VS expand the Advance Properties. Enter Host for Copy Header in Request. Enter X-Forwarded-Host for the To Header box. See attached image. 

 

 

 

 

0

Avatar

Tal Olin

Yes that's what i mentioned we tried already.

 

the only difference is we only added it to the subVS.

would it need to be added to the parent VS as well?

0

Avatar

Tal Olin

just to give some more insight into this:

these nginx settings need to be added to loadmaster per the vendors manual:

proxy_set_header X-Forwarded-Host $host:$server_port;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme; 

X-Forwarded-For, and X-Forwarded-Proto (add received cipher name) are easy as those are native. 

 

added this to the parent VS:

 

added this to the subVS:

 

Since transparency is off in the parent vs we need the headers passed:

0

Avatar

Tal Olin

Are you saying it's natively passed?

Because I know it's not, the xfh right now is the ip of the LM (not even the VS)

0

Avatar

Francis Tam

Hi Tal,

From my testing, if you copy the Host header to your X-Forwarded-Host header, that would be the hostname of the VIP being accessed, not the hostname of the client.

If you add the header in parent VS and subVS, the header gets added twice.

0

Avatar

Tal Olin

that sort of explains what we're seeing..

the 'hostname' being passed in our case is the eth1 ip of the LM (the default gw interface)

the LM does have a hostname setup, so curious that the ip is being passed and not the hostname.

..

that being said, if we wanted to pass the client ip as the xfh would that be possible?

i'm not sure if the real ip header is the most accurate, our XFF header is also inaccurate due to the same bug. perhaps the x-client-ip header?, in that case we'd need boolean logic to determine which to use

X-Real-Ip > X-Forwarded-Host
X-Real-Ip > X-Forwarded-For

X-Client-IP > X-Forwarded-Host

 

0

Avatar

Brando Turner

Try it anyway, maybe converting the client ip to xfh might be feasible.

0

Please to leave a comment.

Didn't find what you were looking for?