
JimmyJose
Sep 18, 2016

Appending/Including all IP addresses 'en route' within "X-Forwarded-for"

Hello,

 

We have our internal website published through our LTM. Users' traffic traverses the WAF [non-F5] before reaching the LTM.

 

Both WAF and LTM are configured to insert the X-Forwarded-for header. The backend web servers are configured accordingly and hence are seeing the WAF's IP against "X-Forwarded-for".

 

The requirement is to see all the IP addresses in the path within the web server logs; i.e., Actual Client IP Address, WAF, & the LTM; and not just the LTM or WAF IP Address.

 

How do we achieve this?

 

Thanks, Jimmy =-=-=

 

2 Replies

  • Assuming that the WAF & LTM are inserting the XFF header and value and retaining any existing value, your server should be able to log everything.

     

  • Hi Jimmy,

    to consolidate multiple occurrences of X-Forwarded-For headers, you may try the iRule below...

    when HTTP_REQUEST {
        if { [set x_forwarded [HTTP::header values "X-Forwarded-For"]] ne "" } then {
            HTTP::header remove "X-Forwarded-For" 
            HTTP::header insert "X-Forwarded-For" "[join $x_forwarded ", "], [getfield [IP::client_addr] "%" 1]"
        } else {
            HTTP::header insert "X-Forwarded-For" "[getfield [IP::client_addr] "%" 1]"
        }
    }
    

    The iRule will collect any existing X-Forwarded-For header value, then remove any existing X-Forwarded-For header and finally create a new one with the collected values + the current "X-Forwarded-For" value. E.g.:

    Incoming HTTP request headers

    GET / HTTP/1.1  
    Host: site.domain.de  
    ... 
    X-Forwarded-For: 1.1.1.1  
    X-Forwarded-For: 2.2.2.2, 3.3.3.3
    X-Forwarded-For: 4.4.4.4 
    

    Outgoing HTTP request headers

    GET / HTTP/1.1  
    Host: site.domain.de  
    ... 
    X-Forwarded-For: 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5
    

    Note: Make sure to disable the automatic X-Forwarded-For insert option in your HTTP profile. The insert will be already handled by this iRule...

    Cheers, Kai
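
An added example, not part of the thread and not F5 code: a Python sketch of how a backend or log pipeline can read the consolidated header the iRule produces. Only the hops appended by proxies you operate are reliable; everything to the left of the first untrusted hop arrived in the client's own request. The function names and the assumption that 5.5.5.5 is the WAF address are hypothetical.

```python
import ipaddress

# Constructed sample: the three incoming header lines from the example above.
INCOMING = ["1.1.1.1", "2.2.2.2, 3.3.3.3", "4.4.4.4"]

def consolidate_xff(header_values, peer_addr):
    """Mirror the iRule: merge every X-Forwarded-For line, append the peer."""
    hops = [h.strip() for v in header_values for h in v.split(",") if h.strip()]
    hops.append(peer_addr.split("%", 1)[0])  # drop the "%<route domain>" suffix
    return ", ".join(hops)

def split_chain(xff, trusted_proxies):
    """Walk the chain right to left, skipping proxies we operate.

    Returns (client, unverified, proxies): the first hop not in
    trusted_proxies, the entries left of it (sent by the client, so
    unverifiable), and the trusted hops in path order.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    proxies = []
    while hops:
        hop = hops.pop()
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # Not an IP address: nothing from here leftwards can be trusted.
            return None, hops + [hop], proxies[::-1]
        if any(addr in net for net in trusted):
            proxies.append(hop)
            continue
        return hop, hops, proxies[::-1]
    return None, [], proxies[::-1]  # every hop was one of our own proxies

if __name__ == "__main__":
    outgoing = consolidate_xff(INCOMING, "5.5.5.5%1")
    print(outgoing)
    # Assumption: 5.5.5.5 is the WAF, the only proxy in front of the LTM.
    print(split_chain(outgoing, ["5.5.5.5/32"]))
```

Log the full header for the path record, but base access decisions and rate limits on the `client` value only.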