Determine Source IP and Port

apals · January 29, 2014, 7:57pm

I am totally new to aFlex so naturally, am totally lost.

I have a VIP that I want to capture the sources IP and Port number. I have some success with the following:

when HTTP\_REQUEST \{
   HTTP::header insert "X-Forwarded-For" [IP::client\_addr]
\}

This gives me the IP but only if it is http, not https (http_request error). Anybody have any ideas on a aFlex script that will give me the IP and Port for both HTTP and HTTPS?

Thanks! AP

mischa · January 29, 2014, 8:12pm

You can do something like:

when HTTP\_REQUEST \{
  HTTP::header insert "X-Forwarded-For" [IP::client\_addr]:[TCP::local\_port]
\}

How have you defined your HTTPS VPORT? When do you see that error for HTTPS?

apals · January 29, 2014, 8:21pm

In my VIP I have 80 and 443 ServiceGroups defined. The SSL is hosted on the server, not A10. I’ve tried to use HTTP_REQUEST with the 443 port entry and always get an error that it can’t work. When I try, I get this: Warning: aFleX syntax error: line 1: “event is invalid for this virtual port [HTTP_REQUEST]”"

mischa · January 29, 2014, 8:30pm

That is expected behaviour. You can only modify the request in HTTPS when the A10 terminates the connection. When it’s passing through the A10 it’s all encrypted until it reaches the server.
The aFleX event HTTP_REQUEST only works on VPORT types HTTP, HTTPS and most Fast-HTTP, it will not work for VPORT type TCP.

apals · January 29, 2014, 8:34pm

I just tried that script you posted and it brought down my site.

So, if I terminate the SSL on the A10 I can then use the HTTP_REQUEST with HTTPS?

mischa · January 29, 2014, 8:42pm

You can test the script at: http://46.23.83.86/
You will see a header like: HTTP_X_FORWARDED_FOR: 53.4.5.5:80

Yes, if you terminate the SSL on the A10 you can use HTTP_REQUEST with HTTPS.

apals · January 29, 2014, 8:45pm

Weird, as soon as I applied that aFlex script to my site, people started getting:
Bad Request - Invalid Header

That’s good news about the SSL, thanks.

apals · January 29, 2014, 9:38pm

Nope, still getting the Bad Request - Invalid Header when I use your script.

mischa · January 29, 2014, 10:58pm

That actually makes sense. The X-Forwarded-For header is only supposed to have IP addresses and adding the port might cause this. What if you change the header to something else?

when HTTP_REQUEST { HTTP::header insert "X-Test-Client" [IP::client_addr]:[TCP::local_port] }

mischa · January 29, 2014, 10:59pm

One more thing, it could be that a cut&paste screws some of the characters.

apals · January 30, 2014, 1:42pm

I changed the aFlex to your new script. We are not getting the error so as soon as we can do some testing I’ll let you know if this did the trick. Thanks!

Discussion		Replies	Views
Preserve Port on HTTP Redirect aFleX redirect , aflex	1	605	July 14, 2020
Allow a connection based on source IP to a URI aFleX	3	51	March 21, 2012
Maintaining client Source ip using Source nat aFleX	4	1263	June 18, 2018
Wordpress SSL Issue aFleX certificate , http , slb-adc , tls-ssl	6	531	October 30, 2012
Copy X-Forwarded-For into custom header aFleX	3	122	June 25, 2014

Determine Source IP and Port

Related topics