fir3net
PPS-Firenetbanner-780.5x190-30-03-17
  • Home
  • Articles
  • Loadbalancers
  • Brocade
  • Brocade ADX - How do I insert X-Forwarded-Proto / X-Forwarded-For headers ?

Brocade ADX - How do I insert X-Forwarded-Proto / X-Forwarded-For headers ?

Within this article we will look at the configuration steps required adding headers to your HTTP based traffic.

The 2 headers we will look at are X-Forwarded-Proto and X-Forwarded-For. These headers are described below.

  • X-Forwarded-Proto - Inserts the protocol used between the client and the intermediary device (such as the LoadBalancer). Typically used when protocol translation is performed (such as SSL termination).
  • X-Forwarded-For - Inserts the client IP address. Typically used in SNAT scenarios where the Loadbalancer would only see connections originating from a translated IP address.

X-Forwarded-Proto

csw-policy "INSERT_X-FORWARDED-PROTO-HTTPS"
 default forward 1
 default rewrite request-insert header "X-Forwarded-Proto:https"

csw-policy "INSERT_X-FORWARDED-PROTO-HTTP"
 default forward 1
 default rewrite request-insert header "X-Forwarded-Proto:http"

server virtual VIP_88.88.88.88 192.168.1.88
 port ssl csw-policy "INSERT_X-FORWARDED-PROTO-HTTPS"
 port ssl csw
 port http csw-policy "INSERT_X-FORWARDED-PROTO-HTTP"
 port http csw
 bind http REALSERVER1 http
 bind http REALSERVER2 http
 bind http REALSERVER3 http
 bind ssl REALSERVER1 http
 bind ssl REALSERVER2 http
 bind ssl REALSERVER3 http

server real REALSERVER1 192.168.1.11
 port http
 port http keepalive
 port http group-id 1 1

server real REALSERVER2 192.168.1.12
 port http
 port http keepalive
 port http group-id 1 1

server real REALSERVER3 192.168.1.13
 port http
 port http keepalive
 port http group-id 1 1

X-Forwarded-For

csw-policy "INSERT_X-FORWARDED-FOR"
 default forward 1
 default rewrite request-insert client-ip "X-Forwarded-For"

server virtual VIP_88.88.88.88 192.168.1.88
 port http csw-policy "INSERT_X-FORWARDED-FOR"
 port http csw
 bind http REALSERVER1 http
 bind http REALSERVER2 http
 bind http REALSERVER3 http

server real REALSERVER1 192.168.1.11
 port http
 port http keepalive
 port http group-id 1 1

server real REALSERVER2 192.168.1.12
 port http
 port http keepalive
 port http group-id 1 1

server real REALSERVER3 192.168.1.13
 port http
 port http keepalive
 port http group-id 1 1

Combined

Below we combine both headers into a single csw-policy.

Note : For simplicity the virtual servers and real servers are not shown.

csw-policy "HEADER-INSERT-HTTP"
 default forward 1
 default rewrite request-insert header "X-Forwarded-Proto:http"
 default rewrite request-insert client-ip "X-Forwarded-For"

csw-policy "HEADER-INSERT-HTTPS"
 default forward 1
 default rewrite request-insert header "X-Forwarded-Proto:https"
 default rewrite request-insert client-ip "X-Forwarded-For"

 

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001