ACE 4710 Original Client IP address reconstruction from X-Forwarded-For

j.dobkowski
Level 1

Any idea or configuration example on how to reconstruct the original client IP address from X-forwarded-for in HTTP request?

4 Replies

pablo.nxh
Level 3

Hi buddy,

What do you mean by "reconstruct"? There are two possible scenarios with X-Forwarded-For:

A: Your client is behind a proxy, the proxy is using the X-Forwarded-For feature, and you need the ACE to pass the client's original IP address.

B: The client goes to the ACE and you use X-Forwarded-For on the ACE.

Let us know your case and we will come up with a config sample.

Tnx

__ __

Pablo

Hi Pablo

My customer is going to use AKAMAI services, which means all the traffic will be received with AKAMAI's IP address as the source and the original client's IP inserted in the X-Forwarded-For field. This creates a small problem. Neither the firewall nor the IPS can inspect and make decisions based on the X-Forwarded-For field. That's why I'd like to recreate the original source IP address for incoming traffic and then have it inspected by the firewall and IPS.

Thanks for your help

Wow, this was one of my first experiments when I got into the ACE world. I thought I'd never see it again.

To get this working you need to configure an action list to modify the original X-Forwarded-For inserted by Akamai.

Here is how the action list should look:

ACE/Admin(config)#action-list type modify http X-FF
ACE/Admin(config-actlist-modify)#header rewrite request x-forwarded-for header-value (.*) replace %1

This action list tells the ACE to match any string in the XFF header coming from Akamai using (.*) and replace it with %1. (%1) means copy/paste the same string that was matched with .*. In other words, the ACE makes an exact copy of the XFF header that Akamai is sending.

This action list needs to be applied under the load balancing policy as follows:

ACE/Admin(config)#policy-map type loadbalance first-match LB
ACE-4710E/Admin(config-pmap-lb)#class class-default
ACE-4710E/Admin(config-pmap-lb)# serverfarm LB
ACE-4710E/Admin(config-pmap-lb)# action X-FF

Also, if you need the Akamai IP address to be included in the XFF header as well, right next to the original client IP address, configure the action list with this line:

ACE/Admin(config-actlist-modify)#header rewrite request x-forwarded-for header-value "(.*)" replace "%1, %is"

HTH

__ __

Pablo
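The following is an added worked example (editor's code, not from the original post or from Cisco), showing in Python what the `replace "%1, %is"` rewrite above produces and how a downstream component (the application, or a log-based detection rule) should then read the header to recover the original client address. The point a practitioner needs to keep in mind is that X-Forwarded-For is client-controllable: a client can send its own X-Forwarded-For value, and the CDN and the ACE simply append to it. Only the entries appended by proxies you trust are reliable, so the real client is found by walking the list from the right and skipping known proxy addresses; anything left of the first untrusted entry is attacker-supplied. The header rewrite on the ACE changes only the HTTP header, not the packet's Layer 3 source address, so a firewall or IPS that matches on source IP will still see the CDN address. The CDN address ranges, the peer addresses and the header values below are constructed placeholders from RFC 5737 documentation space, not Akamai's real ranges, and the example assumes, as the question states, that the CDN inserts the connecting client's address into X-Forwarded-For.

```python
"""Handling X-Forwarded-For (XFF) behind a CDN: what the ACE rewrite emits,
and how to extract the real client address from the result without trusting
client-supplied entries.

The CDN ranges below are constructed stand-ins (RFC 5737 documentation
space), not Akamai's real egress ranges.
"""
import ipaddress
from typing import Iterable, Optional

# Constructed: stand-ins for the trusted proxy ranges (CDN edges plus the ACE).
CONSTRUCTED_TRUSTED_PROXIES = [
    ipaddress.ip_network("192.0.2.0/24"),     # "CDN" egress (placeholder)
    ipaddress.ip_network("198.51.100.0/24"),  # ACE / internal proxies (placeholder)
]


def ace_append_source(xff_value: str, peer_ip: str) -> str:
    """Emulate the ACE action list `replace "%1, %is"`.

    %1 is the captured original header value and %is is the source IP of the
    connection as the ACE sees it. For an empty inbound header the result is
    just the peer address, so no stray leading ", " is produced.
    """
    return f"{xff_value}, {peer_ip}" if xff_value else peer_ip


def _is_trusted(addr: str, trusted: Iterable) -> bool:
    """True if addr parses as an IP and lies in one of the trusted networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # garbage in the header is never a trusted hop
    return any(ip in net for net in trusted)


def original_client_ip(xff_value: str, peer_ip: str, trusted: Iterable) -> Optional[str]:
    """Return the real client address, or None if it cannot be established.

    The peer that opened the TCP connection is authoritative: if it is not a
    trusted proxy it *is* the client and XFF is ignored entirely (someone
    bypassing the CDN must not be able to pick their own source address).
    Otherwise walk XFF right to left: each trusted proxy appended the address
    of the hop it received the request from, so the first non-trusted entry
    seen from the right is the client. Entries left of it were supplied by
    the client or an untrusted upstream and are discarded.
    """
    if not _is_trusted(peer_ip, trusted):
        return peer_ip
    hops = [h.strip() for h in xff_value.split(",") if h.strip()]
    for hop in reversed(hops):
        if _is_trusted(hop, trusted):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            return None  # malformed entry where the client should be
    return None  # header contained nothing but our own proxies


if __name__ == "__main__":
    # Constructed scenario: client 203.0.113.7 -> CDN edge 192.0.2.5 -> ACE.
    # The client tried to spoof a private address into XFF; the CDN appended
    # the client's real address; the ACE then appended the CDN edge (%is).
    from_cdn = "10.0.0.1, 203.0.113.7"                 # as received by the ACE
    after_ace = ace_append_source(from_cdn, "192.0.2.5")
    print("header after ACE rewrite:", after_ace)
    print("client:", original_client_ip(after_ace, "198.51.100.3",
                                        CONSTRUCTED_TRUSTED_PROXIES))
```

Feeding the rewritten header to `original_client_ip` with the ACE's address as the peer yields 203.0.113.7, not the spoofed 10.0.0.1; a direct connection from an address outside the trusted ranges returns that address and ignores the header, and a header consisting only of proxy addresses yields None rather than a guess.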

Hi Pablo,

Amazing post.

BTW, I am using passive cookie-based stickiness. Recently we subscribed to the Akamai service for our website, and the problem I am facing is constantly getting a session expiry error.

Somewhere I read that Akamai nullifies the cookies inserted in the header.

Somehow my configuration for the website is not working fine. Until now it was working perfectly fine, and after changing to Akamai it started throwing issues.

I am not using cookie insert; I am using the application to insert a cookie value.

Any suggestion to tune this to make it work with the Akamai service?

thanks,

Parvees
