Forum Discussion
NimbostratusAny hard documentation for x-forwarded-for?
Dev,
I was tasked with setting up a VS for a client and passing https traffic through the load balancer. I found the correct settings to get that working, but I'm also SNAT'ing the traffic. The client want to be able to do x-forwarded-for to get the true client IP address. I think I understand the reason why the x-forwarded-for won't work on https, but I need something hard fast from F5 saying this is why this won't work. I'm still very new at the LTM's, about six months in, and I don't really get the benefit of the doubt just yet when it comes to these sorts of things. Has anybody successfully sent an x-forwarded-for WITHOUT SSL offload at the LTM? If so, what were the steps? Also, if anybody has any docs on the headers, that would be great.
Thanks,
John
3 Replies
What_Lies_Bene1Cirrostratus
I'm not an F5 employee but I can categorically state that (at present) HTTP content of any kind cannot be modified (or have a header inserted) by an F5 unless it terminates the SSL connection. Of course, keep in mind you can terminate it and re-encrypt it.
This article confirms: http://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html?sr=26838905- wixxyl_98682That confirms what I suspected. Thank you very much for the link Steve, I hope that will pacify the powers-that-be for now.
- What_Lies_Bene1You're welcome. Good luck.
