Forum Discussion
NimbostratusAFM Logging Proxy Protocol Header Sent by F5 XC
Hello,
We are using F5 distributed cloud XC DDOS service for our published services in proxy mode all traffic coming to F5 BIG-IP AFM sourced from XC IP ranges, at the same time XC is inserting "PROXY Protocol" version 2 header. I need your help to know how to extract "original IP" from header and send it to an external syslog server via irule or any other way.
Thanks
3 Replies
- Aswin_mk
MVP
Hi, i just have a qustion, is it not possible via x-forwarder-for option in http profile if the traffic coming to LTM?
Saad_DeifHi
Yes irule is applied on LTM virtual server and injects client original ip found in "PROXY Protocol" header. But I need to apply a similar irule on AFM as some services are not running on LTM.
- Nikoolayy1
Aren't you using the irule Proxy Protocol Receiver | DevCentral ? You can log the variables that have the real IP address and if you need help XC has https://www.f5.com/products/ai-assistant that can help you do it faster.
You need to still have layer 3/4 VIrtual server as if you are using something like virtual wire see Virtual-wire Configuration and Troubleshooting | DevCentral and my comment as "vlangroup.forwarding.override" is needed so you layer 3 wildcard to capture the traffic and not the pre-build internal virtual servers.
