BIG-IP: identify true client-ip
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi
I suppose this is more of a nw question than a BIG-IP question.
I am testing http requests against our prod website from a client located within our corporate nw.
On my prod f5 virtual-server I have a diagnostic irule which writes this log :
log local0. "Client [IP::client_addr]:[TCP::client_port]"
However, BIG-IP logs a client-ip different than my client's static-ip.
I believe traffic is being NAT'd before routing externally and arriving at our prod DC.
How can I set up a test client so that BIG-IP logs the true ip (my client's static-ip)?
Your iRule logs the source IP address derived from the header of the incoming IP datagram.
If the original client IP address is modified (i.e. due to hiding NAT of your clientside firewall or by your internet router) you will log the NAT address, as you already noticed. If your client's request is forwarded by a proxy you can check for the so-called X-Forwarded-For HTTP header. Perhaps the proxy is inserting this header with the value of the original client IP address. So if your virtual server has an http-profile assigned you may add the following section to your iRule:

when HTTP_REQUEST {
    # Log the X-Forwarded-For value only when the header is present
    if { [HTTP::header exists X-Forwarded-For] } {
        log local0. "client ip from xff-header: <[HTTP::header value X-Forwarded-For]>"
    }
}

Please run "tail -f /var/log/ltm" to monitor your log file.
- giltjrNimbostratus
Just an F.Y.I., if the client is being proxied, the "true" client IP address could be, and most likely is, a private non-routable IP address. So your log may show an address like 192.168.1.1.
- hari_126827Cirrus
Hi,
Probably if we want to log the client IP address for a non-HTTP connection, then we could use the iRule below:
when CLIENT_ACCEPTED { log local0. "Client [IP::client_addr]:[TCP::client_port]" }
but if it is an HTTP connection then it is a good idea to use the above iRule....
- Mahmoud_Eldeeb_Cirrostratus
You can get the true client IP by using X-Forwarded-For.
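
Added example, not part of the original thread: X-Forwarded-For arrives as part of the request, so its value is only as reliable as the device that wrote it. The iRule below logs the header-derived address only when the connection comes from a proxy you trust, and otherwise falls back to the address from the IP header. The data group name trusted_proxies_dg (an address-type data group you would create) and the log field names are assumptions, and the address check as written is for IPv4.

```tcl
when HTTP_REQUEST {
    # Address from the IP header of the connection that reached BIG-IP
    set peer [IP::client_addr]
    set client $peer
    set source "ip-header"

    # Assumption: trusted_proxies_dg is an address-type data group that lists
    # the proxies / NAT gateways whose X-Forwarded-For entries you accept.
    if { [HTTP::header exists "X-Forwarded-For"] && [class match $peer equals trusted_proxies_dg] } {

        # A request may carry several X-Forwarded-For headers, each holding a
        # comma-separated list. Flatten them into one ordered list of hops.
        set hops [list]
        foreach hdr [HTTP::header values "X-Forwarded-For"] {
            foreach hop [split $hdr ","] {
                lappend hops [string trim $hop]
            }
        }

        # Walk right to left: the rightmost entries were appended by the
        # proxies closest to BIG-IP. Stop at the first hop that is not a
        # trusted proxy; everything to its left was supplied by that hop.
        for { set i [expr {[llength $hops] - 1}] } { $i >= 0 } { incr i -1 } {
            set hop [lindex $hops $i]

            # Stop on anything that does not parse as an IPv4 address, so
            # free-form header text never ends up in the client field.
            if { [catch { IP::addr $hop mask 255.255.255.255 }] } { break }

            set client $hop
            set source "xff"
            if { ![class match $hop equals trusted_proxies_dg] } { break }
        }
    }

    log local0. "client=$client source=$source peer=$peer:[TCP::client_port]"
}
```

As noted in the thread, the logged client may still be a private address such as 192.168.1.1 when the proxy sits inside the client's own network.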