Determine Source IP and Port

apalsapals Member
I am totally new to aFleX so naturally, am totally lost.

I have a VIP for which I want to capture the source IP and port number. I have some success with the following:

when HTTP_REQUEST {
    HTTP::header insert "X-Forwarded-For" [IP::client_addr]
}

This gives me the IP but only if it is HTTP, not HTTPS (HTTP_REQUEST error). Anybody have any ideas on an aFleX script that will give me the IP and port for both HTTP and HTTPS?

Thanks! AP

Comments

  • mischamischa Member
    edited February 2014
    You can do something like:

    when HTTP_REQUEST {
        HTTP::header insert "X-Forwarded-For" [IP::client_addr]:[TCP::local_port]
    }

    How have you defined your HTTPS VPORT? When do you see that error for HTTPS?
  • apalsapals Member
    edited February 2014
    In my VIP I have 80 and 443 ServiceGroups defined. The SSL is hosted on the server, not the A10. I've tried to use HTTP_REQUEST with the 443 port entry and always get an error that it can't work. When I try, I get this: Warning: aFleX syntax error: line 1: "event is invalid for this virtual port [HTTP_REQUEST]"
  • mischamischa Member
    edited February 2014
    That is expected behaviour. You can only modify the request in HTTPS when the A10 terminates the connection. When it's passing through the A10 it's all encrypted until it reaches the server.
    The aFleX event HTTP_REQUEST only works on VPORT types HTTP, HTTPS and most Fast-HTTP; it will not work for VPORT type TCP.
  • apalsapals Member
    edited February 2014
    I just tried that script you posted and it brought down my site.

    So, if I terminate the SSL on the A10 I can then use the HTTP_REQUEST with HTTPS?
  • mischamischa Member
    edited February 2014
    You can test the script at: http://46.23.83.86/
    You will see a header like: HTTP_X_FORWARDED_FOR: 53.4.5.5:80

    Yes, if you terminate the SSL on the A10 you can use HTTP_REQUEST with HTTPS.
  • apalsapals Member
    edited February 2014
    Weird, as soon as I applied that aFleX script to my site, people started getting:
    Bad Request - Invalid Header

    That's good news about the SSL, thanks.
  • apalsapals Member
    edited February 2014
    Nope, still getting the Bad Request - Invalid Header when I use your script.
  • mischamischa Member
    edited February 2014
    That actually makes sense. The X-Forwarded-For header is only supposed to have IP addresses and adding the port might cause this. What if you change the header to something else?

    when HTTP_REQUEST { HTTP::header insert "X-Test-Client" [IP::client_addr]:[TCP::local_port] }
  • mischamischa Member
    edited February 2014
    One more thing, it could be that a cut & paste screws up some of the characters.
  • apalsapals Member
    edited February 2014
    I changed the aFleX to your new script. We are not getting the error, so as soon as we can do some testing I'll let you know if this did the trick. Thanks!
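
An added example, not part of the thread and not A10 code: a Python sketch of how a backend could read the two headers discussed above. It shows a strict X-Forwarded-For parser rejecting an `ip:port` value, and the custom `X-Test-Client` value being accepted only when the request arrives from the load balancer. The proxy address `10.0.0.5`, the function names and the bracketed IPv6 form are assumptions; the thread only shows IPv4.

```python
import ipaddress

# Assumption: the load balancer's address as the backend sees it (constructed value).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def parse_xff(value):
    """Strict X-Forwarded-For parsing: comma-separated IP addresses, no ports."""
    return [ipaddress.ip_address(part.strip()) for part in value.split(",")]


def parse_endpoint(value):
    """Parse 'ipv4:port' or '[ipv6]:port' into (address, port)."""
    host, sep, port = value.strip().rpartition(":")
    if not sep or not (port.isascii() and port.isdigit()):
        raise ValueError("expected ip:port")
    if not 0 < int(port) <= 65535:
        raise ValueError("port out of range")
    if host.startswith("[") and host.endswith("]"):
        addr = ipaddress.IPv6Address(host[1:-1])
    else:
        # A bare IPv6 address followed by ':port' is ambiguous, so only
        # IPv4 is accepted without brackets.
        addr = ipaddress.IPv4Address(host)
    return addr, int(port)


def client_endpoint(peer_ip, header_values):
    """Return (ip, port) from X-Test-Client, or None if it cannot be trusted.

    peer_ip is the TCP peer of the backend connection; header_values is the
    list of every X-Test-Client value present on the request.
    """
    if ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        return None  # request did not come through the load balancer
    if len(header_values) != 1:
        return None  # missing, or a client-sent copy sits beside the inserted one
    try:
        return parse_endpoint(header_values[0])
    except ValueError:
        return None
```
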