Brocade ADX: Insert X-Forwarded-Proto & X-Forwarded-For Headers

Within this article we will look at the configuration steps required adding headers to your HTTP based traffic.

The 2 headers we will look at are X-Forwarded-Proto and X-Forwarded-For. These headers are described below.

• X-Forwarded-Proto – Inserts the protocol used between the client and the intermediary device (such as the LoadBalancer). Typically used when protocol translation is performed (such as SSL termination).
• X-Forwarded-For – Inserts the client IP address. Typically used in SNAT scenarios where the Loadbalancer would only see connections originating from a translated IP address.

X-Forwarded-Proto

csw-policy “INSERT_X-FORWARDED-PROTO-HTTPS”
default forward 1
default rewrite request-insert header “X-Forwarded-Proto:https”

csw-policy “INSERT_X-FORWARDED-PROTO-HTTP”
default forward 1
default rewrite request-insert header “X-Forwarded-Proto:http”

server virtual VIP_88.88.88.88 192.168.1.88
port ssl csw-policy “INSERT_X-FORWARDED-PROTO-HTTPS”
port ssl csw
port http csw-policy “INSERT_X-FORWARDED-PROTO-HTTP”
port http csw
 bind http REALSERVER1 http
 bind http REALSERVER2 http
 bind http REALSERVER3 http
 bind ssl REALSERVER1 http
 bind ssl REALSERVER2 http
 bind ssl REALSERVER3 http

server real REALSERVER1 192.168.1.11
 port http
 port http keepalive
port http group-id 1 1

server real REALSERVER2 192.168.1.12
 port http
 port http keepalive
port http group-id 1 1

server real REALSERVER3 192.168.1.13
 port http
 port http keepalive
port http group-id 1 1

X-Forwarded-For

csw-policy “INSERT_X-FORWARDED-FOR”
default forward 1
default rewrite request-insert client-ip “X-Forwarded-For”

server virtual VIP_88.88.88.88 192.168.1.88
port http csw-policy “INSERT_X-FORWARDED-FOR”
port http csw
 bind http REALSERVER1 http
 bind http REALSERVER2 http
 bind http REALSERVER3 http

server real REALSERVER1 192.168.1.11
 port http
 port http keepalive
port http group-id 1 1

server real REALSERVER2 192.168.1.12
 port http
 port http keepalive
port http group-id 1 1

server real REALSERVER3 192.168.1.13
 port http
 port http keepalive
port http group-id 1 1

Combined

Below we combine both headers into a single csw-policy.

Note : For simplicity the virtual servers and real servers are not shown.

csw-policy “HEADER-INSERT-HTTP”
default forward 1
default rewrite request-insert header “X-Forwarded-Proto:http”
default rewrite request-insert client-ip “X-Forwarded-For”

csw-policy “HEADER-INSERT-HTTPS”
default forward 1
default rewrite request-insert header “X-Forwarded-Proto:https”
default rewrite request-insert client-ip “X-Forwarded-For”

• Author
• Recent Posts

Rick Donato

Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.

Latest posts by Rick Donato (see all)

• How to Configure a BIND Server on Ubuntu - March 15, 2018
• What is a BGP Confederation? - March 6, 2018
• Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial