«

»

Aug 21

How to insert HTTP header X-Forwarded-Proto for SSL traffic of F5 LTM

Categories:

F5 LTM, Load Balancer

by admin

In our scenario we do SSL offload on the load balancer before inserting header for incoming request from client to physical server behind LB.

To insert protocol information header you can configure a custom HTTP profile with ‘Request Header Erase’ set to X-Forwarded-Proto and ‘Request Header Insert’ set to ‘X-Forwarded-Proto: https’. This ensures that any existing X-Forwarded-Proto headers are removed and a new X-Forwarded-Proto header with a value of https is inserted.

Note: You should have already configured VIP, POOL and NODES before applying setting below. Additionally the client SSL profile should only allow SSL requests
(Non-SSL Connections is not enabled)

Configuration steps:

1) Login to F5 LTM GUI

2) Open Local Traffic menu

3) Choose Profiles -> Services -> HTTP

4) Click “Create”

5) Enter new profile’s name

6) Under new profile make sure that Parent Profile is “http” and tick “Custom” on the right hand side.

7) Into “Request Header Erase” insert X-Forwarded-Proto

8) For field “Request Header Insert” enter X-Forwarded-Proto: https

9) Click “Finished” to save profile

10) Go to VIP for SSL traffic (listening on port 443) and add profile created under “HTTP Profile”

Follow me!

This post has no tag

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>