how to instert "x-forwarded-for" data to http header in physical l4 switch?

0

In the L4 switch, there is an 'x-forwarded-for' function that puts the client source ip address in the http header.

The l4 switch can only know layer 4 information, so I'm curious how to put the x-forwarded-for information http header(http header is in the layer 7!! ). Even in https, the http header is encrypted, how can L4 switch decrypt this encrypted http header, insert x-forwared-for information, and send a packet to the backend?

Thanks!

No, a layer 4 only device cannot mangle layer 7 application data.

A layer 4 host might be a router that can forward for example 2001:db8:e856:edff::a0f8 to 2606:2800:220:1:248:1893:25c8:1946. Perhaps it has enough transport layer knowledge to have a firewall rule allow this for tcp/443. But it does not know how to unwrap packets further and manipulate http headers.

Commonly designs have a load balancer or other middleware that redirects or modifies application data. This is where it makes sense to put a frontend service address, terminate TLS, transform the request, and proxy a new request to a backend. Because it is a new request, client IP is lost, which is why Forwarded headers were invented in the first place. Doing all this requires application knowledge, so such a host has level 7 functions.