Copy content from one header to the other

igor · March 31, 2023, 4:36pm

Hi all,

As one problem was solved, the other popped in. Does anyone know if is there a way to copy the content of one header into the other?

What I mean is that a client firewall is receiving an HTTP packet forwarded from HAproxy with two headers: 1) X-Forwarded-For (this header doesn’t contain real client IP but an IP from our router)
2) X-Original-Forwarded-For (this header contains real client IP which visits our website)

The question is how to copy the real client IP from X-Original-Forwarded-For into X-Forwarded-For.

Is this doable?

Thanks,
I

stormrover · April 1, 2023, 6:14pm

These are examples. I’ve not tested them for syntax, so you might have to adjust them a bit.

Assuming the router always sends this header:

    http-request set-header X-Forwarded-For %[req.hdr(X-Original-Forwarded-For)] if { src <router_IP> }

If there is ever a scenario where this header may not be present (like requests directly from the router), use this:

    http-request set-header X-Forwarded-For %[req.hdr(X-Original-Forwarded-For)] if { src <router_IP> } { req.hdr(X-Original-Forwarded-For) -m found }

Always add the router’s IP address to prevent someone else from setting X-Forwarded-For. It’s probably rare, but it’s good security practice.

igor · April 4, 2023, 11:39am

Thanks, this is a working solution.