When load balancing HTTP/S with F5 BIG-IP, make S-NAT and add X-Forwarded-Proto, X-Forwarded-For HTTP header.
The setting method of this time is based on the information of this discussion.
- Verification configuration
- Setup and operation confirmation
- Adding X-Forwarded-Port?
- Conclusion - Setting to give X-Forwarded-Proto in BIG-IP
Verification version: F5 BIG-IP VE 13.0.0 (Build 0.0.1645)
Setup and operation confirmation
The basic setting is as follows. Create Node and Pool for Rails, create Virtual Server and allocate it. For testing with normal HTTP, the type (Type) uses Performance (HTTP).
Packets are here.
Vertual Server: 192.168.1.91
S-NAT Address: 192.168.1.8
Neither X-Forwarded-Proto (XFP), X-Forwarded-For (XFF) is given.
Create Profile to add XFF, XFP to HTTP header.
Local Traffic > Profiles > Protocols > Fast HTTP
In the HTTP related setting field, set it as
Insert X-Forwarded-For: Enabled,
Request Header Insert: X-Forwarded-Proto: http.
Apply the created profile to Virtual Server.
After application, the connection may remain, so clear it with Node Offline / Online etc. as necessary.
When HTTP access is done again, X-Forwarded-For, X-Forwarded-Proto has been added to the HTTP header as follows.
Changes applied profile for HTTPS
When using a normal HTTP profile, the location is different, but similarly set the XFP header with Request Header Insert .
In addition to X-Forwarded-Proto, there may be cases where you want to grant X-Forwarded-Port. Unfortunately, we need to specify this in iRules.
Even if variables are specified in the GUI, they are not expanded and information can not be acquired dynamically.
Conclusion - Setting to give X-Forwarded-Proto in BIG-IP
By creating an HTTP profile, X-Forwarded-Proto was added to the HTTP header in the S-NAT environment. If you wish to add X-Forwarded-Port , you need to use iRules.