API Developer Portal
API Docs
Community
Knowledgebase
Training
menu icon
  1. Home
  2.  / How To
  3.  / Advanced Security
  4.  / Configure HTTP Header Processing

Configure HTTP Header Processing

On This Page:

Objective

This document provides instructions on how to configure various HTTP header processing options for your web application. The supported actions include processing headers, such as request/response headers, header sizes, etc.

Using the instructions provided in this guide, you can set header processing for your services provisioned using an HTTP load balancer. For more information on load balancers, see Proxy & Load Balancer.

Predefined Header Variables

F5® Distributed Cloud Services provide predefined header variables. For example, you can set a response header to add with a name as x-volterra-added and value as $[geoip_city]. This returns the city from where the request arrived.

Refer to the following table for supported predefined header variables and descriptions:

Header VariableDescription
$[req_header_xxx]Fetch the request header with name. Header name (xxx) is in lower case and hyphen (-) replaced with underscore (_).
$[resp_header_xxx]Fetch the request header with name. Header name (xxx) is in lower case and hyphen (-) replaced with underscore (_).
$[query_params]Return all query parameters in the request.
$[query_param_xxx]Fetch query parameter with name. Query parameter name (xxx) is in lower case and hyphen (-) replaced with underscore (_).
$[url]Returns the URL.
$[path]Returns the path.
$[sni]Returns the server name identifier (SNI). Empty if SNI is absent.
$[scheme]Returns HTTPS or HTTP based on the request.
$[protocol]Returns HTTP protocol.
$[client_address]Client address.
$[original_client_address]First entry in XFF header is treated as original client address.
$[server_address]Address of the upstream server that handled the request.
$[status]Response code.
$[src_site]Name of the VER site that received the request.
$[dest_site]Name of the VER site handling the request.
$[tenant]Tenant of the request.
$[namespace]Namespace of the request.
$[app_type]Returns the app type for the request.
$[user]Returns the user of the request.
$[geoip_country]GeoIP lookup output. Returns the country from where the request arrived.
$[geoip_asn]GeoIP lookup output. Returns the ASN of the requestor.
$[geoip_region]GeoIP lookup output. Returns the region from where the request arrived.
$[geoip_city]GeoIP lookup output. Returns the city from where the request arrived.
$[cookie_xxx]Extract the cookie of the given name. Cookie name (xxx) is in lower case and hyphen (-) replaced with underscore (_).
$[tls_fingerprint]TLS fingerprint of the request.

Headers Added by Default

F5® Distributed Cloud load balancer adds a set of HTTP headers by default as shown in the table below:

HTTP HeaderDescription
X-Forwarded-ForHolds the downstream client IP address and prepends the same if the downstream request already had one.
X-Forwarded-ProtoHolds HTTP Protocol used - HTTP vs HTTPS.
X-Envoy-External-AddressHolds the downstream client IP address.
X-Envoy-Original-AuthorityHolds the actual domain name used by the downstream client.
X-Request-Id
X-F5-Request-Id		Holds an UUID identifying the http request. If the downstream request also had X-Request-Id then the header would be unmodified. X-F5-Request-Id will always be overwritten.
X-Envoy-Expected-Rq-Timeout-Msmentions the upstream timeout configured on the Loadbalancer matching route.

In general, the load balancer does not modify or delete HTTP headers unless it's one of the earlier mentioned reserved headers (other than X-Request-Id which won't be updated).

Note: If you configure X-Forwarded-For (XFF) header and client does not send the same, then F5 Distributed Cloud Services always inserts it with IP address that is supplied by the client, and user identification happens based on this IP address. Therefore, if you want user identification to happen based on a fallback choice as per your configuration (such as TLS fingerprint or a specific IP address), it is recommended not to configure the XFF header.

The following headers will be replaced if the request contained the same header:

  • X-Forwarded-Proto
  • X-Envoy-External-Address
  • X-Envoy-Original-Authority
  • X-F5-Request-Id
  • X-Envoy-Expected-Rq-Timeout-Ms

Prerequisites

The following prerequisites apply:

Configuration

Perform the following steps in F5® Distributed Cloud Console (Console) to configure header processing:

Step 1: Navigate to your load balancer.

  • Log into Console.

  • Click Multi-Cloud App Connect.

Figure: Console Homepage
Figure: Console Homepage

  • Change to your application namespace.

  • Click Manage > Load Balancers > HTTP Load Balancers.

Figure: HTTP Load Balancers
Figure: HTTP Load Balancers
  • Find your load balancer and click ... > Manage Configuration.
Figure: Edit HTTP Load Balancer
Figure: Edit HTTP Load Balancer
  • Click Edit Configuration.
Step 2: Start advanced fields configuration.

  • Navigate to the Other Settings section.

  • Optionally, select the Add Location checkbox. This will add the x-volterra-location header in the response messages, with the value as the Regional Edge (RE) site. In case of CE sites, this option is ignored.

  • Click Configure under the More Options field. This opens the header processing configuration page.

Step 3: Configure adding request headers.

  • In the Header Options section under the Add Request Headers field, click Add Item.

  • Enter the header name.

  • Select a choice from the Value or Secret menu, and then either enter the value name or configure the secret value.

  • Optionally, select the Append checkbox to append to existing values.

  • Click Apply.

Figure: Add Request Header
Figure: Add Request Header
  • Use the Add item option to specify multiple headers.

Note: The Distributed Cloud Services proxy adds the x-forwarded-for header by default for all requests. You can set the value of this header into another. Add a request header to the header name of your choice with value as $[req_header_x-forwarded-for].

Step 4: Configure removing request headers.

  • Under the Remove Request Headers field, click Add item.

  • Enter the header key. This preserves the requester's original IP address by removing the header.

  • Use the Apply option to specify multiple headers.

Note: The Distributed Cloud Services proxy adds x-forwarded-for header by default for all requests.

Figure: Remove Request Header
Figure: Remove Request Header
Step 5: Configure adding response headers.

  • Under the Add Response Headers field, click Add Item.

  • Enter the header name.

  • Select a value from the Value or Secret menu, and then enter the value name.

  • Optionally, select the Append checkbox to append to existing values.

  • Click Add Item.

Figure: Add Response Header
Figure: Add Response Header

Note: You can set the HTTP Strict Transport Security (HSTS) by adding the Strict-Transport-Security response header and a value. A sample value is max-age=31536000.

  • Use the Add item option to specify multiple headers.
Step 6: Configure removing response headers.

  • Under the Remove Response Headers field, click Add item.

  • Enter the response header to remove.

Figure: Remove Response Header
Figure: Remove Response Header
  • Use the Add item option to specify multiple headers.
Step 7: Set a maximum size for the request header.

Set a value for the Maximum Request Header Size field to limit the allowed maximum size of the header in the request. The maximum value allowed is 96 KiB and the default value is 60 KiB.

Step 8: Configure the error response options.

  • In the Configure Error Response Options section, under the Custom Error Responses field, click Configure.

  • Click Add item.

  • Enter a numerical value. The value must be 3, 4, 5, or in the 300-599 range.

  • Under the Error Response Body field, click Configure.

  • Choose a string encoding type from the options available.

  • Enter a response in the box.

  • Click Apply.

  • Click Apply.

Step 9: Configure miscellaneous options.

  • In the Miscellaneous Options section under the Buffer Policy field, click Configure.

  • Enter a numeric value for the maximum request size for the buffer.

  • Optionally, select the Disable checkbox to disable a particular route.

  • Click Apply.

  • Under the Compression Parameters field, click Configure.

  • Complete the configuration parameters, and then click Apply.

Step 10: Complete configuring header processing.

  • Click Apply to apply the header options to the load balancer configuration.

  • Click Save and Exit to save the load balancer configuration.

Concepts

API References

© 2024 F5, Inc. All rights reserved | Trademarks | Policies | Privacy | California Privacy | Do Not Sell My Personal Information |