[AusNOG] X-Forwarded-For vs RFC 7239

Colin Stubbs colin.stubbs at equatetechnologies.com.au
Tue Apr 25 13:48:54 EST 2017


I’d agree with all of that; though this is actually the first I’ve heard of
RFC-7239 actually being used. I am assuming you do actually have a genuine
use case and not just wanting to add it because you really like
complicating things!

Looks reasonably sensible though, and a potential improvement over trying
to understand multiple instances of
X-Forwarded-For/X-Forward-Proto/X-Forwarded-Host etc, though I’m sure once
widely deployed the contents will vary widely by implementation in the same
way X-Forwarded-Whatevs headers often are right now.

Either way it’d add basically zero overhead/resource consumption to add or
modify within iRules if you’re already there and mucking with other
headers. Slightly complex to parse and chain existing Forwarded contents if
wanting to modify rather than adding additional; but still negligible.

-Colin

On 25 April 2017 at 13:24, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> Folks,
> Just looking for a sanity check on current HTTP proxy headers. My
> understanding is X-Forwarded-For is widely deployed, widely parsed, and not
> standard. RFC 7239 is a (proposed) standard, barely deployed, and mostly
> ignored. Would best practice, going forward, be to include both headers (if
> you were say, writing i-rules for such things)?
>
> Kind regards
>
> Paul Wilkins
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170425/f906da39/attachment.html>


More information about the AusNOG mailing list