Forum Discussion

sysadmin_2015_2's avatar
sysadmin_2015_2
Icon for Nimbostratus rankNimbostratus
Oct 12, 2015

Big-IP - X-Forwarded-For

Hello,

 

Currently I have two public virtual servers for the same web app. One VS listening on 80 with an iRule that directs to https. The second VS listening on 443. The problem is the Big-IP is not sending thru the source IP and the servers are looking for X-Forwarded-For or REMOTE_ADDR . Can you please tell me how to the add the source IP?

 

Thank you,

 

  • Have you enabled the XFF header option in the HTTP profile applied to the 443 VIP? That's the easiest way to do it.

     

  • Yes, I have enabled "Insert X-Forwarded-For" on the https VS but its still not working.

     

    Thank you for your help,

     

  • How do you know that the XFF header isn't being sent by the BIG-IP? If the traffic is unencrypted on the server side of the BIG-IP, do a quick tcpdump capture to see what the request looks like:

    tcpdump -lnni 0.0 -Xs0 host [IP of server]
    

    The -Xs0 option will show you the full HTTP payload of the requests and you should see the X-Forwarded-For header there with the XFF option enabled.

  • Do you have a ssl profile enabled on your https VS. If not you need one.

     

  • Hello,

     

    Once I fixed a routing issue, the XFF header option in the HTTP profile worked.

     

    Thank you for your help,