Jump to content
Welcome to our new Citrix community!

Modify Message Header X-Client-Cert-ID and X-Real-IP


Recommended Posts

What values do you want to insert in these headers so I can help you construct the rewrite.

 

I don't know what you what the x-client-cert-id to hold?

For the x-real-ip, is the IP coming from L3 or an existing x-forward-for incase of an additional proxy between users and adc.

## Basic header insert action and policy

##    Insert HTTP Header, inserts a header and then uses the policy engine to insert the dynamic value there:

##   add rewrite action <action name> <action type> "<HEADER Name>"  "<expression to insert>"

##   add rewrite policy <poilcy name> <policy expression> <action name>

add rewrite action rw_act_inshdr_x-real-ip insert_http_header "X-Real-IP" "client.ip.src"

add rewrite policy rw_pol_inshdr_x-real-p http.req.is_valid rw_act_inshdr_x-real-ip

 

The policy expression can vary based on "when" you want the ip address inserted; I just assumed all request. Then you just have to bind the policy to the appropriate lb vserver (or cs vserver) as needed.

 

To insert the X-Client-Cert-id is similar, but I don't know what value you want in the header value string.

You may just want to do this in the GUI and see the syntax. NOTE: Policy expressions in CLI most be quoted. When your entering values in GUI, expressions do not require surrounding quotes only regular strings.

 

client.ip.<obj> will expose L3 source IP / destination IP and other networking criteria via client.ip, client.src, etc.

client.ssl.<obj> will expose various client SSL cert parameters.  See: https://docs.citrix.com/en-us/citrix-adc/current-release/appexpert/policies-and-expressions/advanced-policy-expressions-parsing-ssl.html

 

Rewrite header examples:

https://docs.citrix.com/en-us/citrix-adc/current-release/appexpert/rewrite/rewrite-action-policy-examples/example-adding-local-client-ip-header.html

 

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...