Score:0

How to insert "x-forwarded-for" data into the HTTP header in a physical L4 switch?

In the L4 switch, there is an 'x-forwarded-for' function that puts the client source IP address in the HTTP header.

The L4 switch can only know layer 4 information, so I'm curious how it puts the x-forwarded-for information into the HTTP header (the HTTP header is in layer 7!!). Even in HTTPS, where the HTTP header is encrypted, how can the L4 switch decrypt this encrypted HTTP header, insert the x-forwarded-for information, and send a packet to the backend?

Thanks!

Score:1

No, a layer 4 only device cannot mangle layer 7 application data.

A layer 4 host might be a router that can forward for example 2001:db8:e856:edff::a0f8 to 2606:2800:220:1:248:1893:25c8:1946. Perhaps it has enough transport layer knowledge to have a firewall rule allow this for tcp/443. But it does not know how to unwrap packets further and manipulate http headers.

Commonly, designs have a load balancer or other middleware that redirects or modifies application data. This is where it makes sense to put a frontend service address, terminate TLS, transform the request, and proxy a new request to a backend. Because it is a new request, client IP is lost, which is why Forwarded headers were invented in the first place. Doing all this requires application knowledge, so such a host has level 7 functions.
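
The header rewrite such a layer 7 proxy performs once it has terminated TLS, as an added example that is not part of the original answer. The function name `add_forwarded_for`, the `trust_upstream` flag and the sample addresses are assumptions made for illustration.

```python
# Added example, not code from the answer: the X-Forwarded-For rewrite a
# layer 7 proxy does on the plaintext request after TLS termination.
TLS_HANDSHAKE, TLS_APPDATA = 0x16, 0x17  # TLS record content types

# Constructed sample request (documentation addresses, RFC 5737).
SAMPLE = (b"GET / HTTP/1.1\r\nHost: example.com\r\n"
          b"X-Forwarded-For: 198.51.100.7\r\n\r\n")


def add_forwarded_for(raw: bytes, peer_ip: str, trust_upstream: bool) -> bytes:
    """Return the HTTP/1.1 request with peer_ip recorded in X-Forwarded-For.

    peer_ip is the source address of the TCP connection the proxy accepted.
    trust_upstream=False (hypothetical flag) is the edge-proxy case: any
    X-Forwarded-For sent by the client is dropped, since a client can put
    arbitrary addresses there.
    """
    if raw[:1] and raw[0] in (TLS_HANDSHAKE, TLS_APPDATA):
        # Still a TLS record: the headers are ciphertext, so there is
        # nothing a device without the session keys can edit.
        raise ValueError("encrypted TLS record; terminate TLS first")
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    request_line, *headers = head.split(b"\r\n")
    prior, kept = [], []
    for line in headers:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"x-forwarded-for":
            prior.append(value.strip().decode("latin-1"))
        else:
            kept.append(line)
    chain = (prior if trust_upstream else []) + [peer_ip]
    kept.append(b"X-Forwarded-For: " + ", ".join(chain).encode("latin-1"))
    return b"\r\n".join([request_line, *kept]) + sep + body


if __name__ == "__main__":
    print(add_forwarded_for(SAMPLE, "203.0.113.9", trust_upstream=True).decode())
```

A backend should only believe this header when the request arrives from its own proxy, because any other sender can set it freely.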
