Forum Discussion

Nimbostratus

Dec 07, 2006

Apache SSL Logs

I am trying to figure out how to get the correct source IP for the SSL request which has passed through the load balancer. I wrote an iRule (got most of it from the iRule downloads section) that ...

Employee

Dec 13, 2006

If your servers use the BIG-IP as their default gateway, you can preserve the original client IP by not SNAT'ing those connections at the BIG-IP (it preserves client IP by default). The IP header is not encrypted in SSL, so BIG-IP can still SNAT even with SSL connections. But if it is not possible for you to configure the network this way (without SNAT), then hoolio is correct, you will need to decrypt the SSL at the BIG-IP in order to be able to manipulate the data in the rest of the headers (ie, using an X-Forwarded-For header to include the original client IP).

Denny

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Apache SSL Logs

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Apache Style Logging with HSL

Apache Airflow Unsafe API Endpoint

Oracle hack, North Korean Hackers, Critical Flaw in Apache

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

Custom Apache-style logging for Java-based applications

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS