Forum Discussion
BIP-IP : identify true client-ip
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi
I suppose this is more of a nw question than a BIG-IP question.
I am testing http requests against our prod website from a client locat...
Your iRule logs the source IP address derived from the header of the incoming IP datagram.
If the original client IP address is modified (i.e. due to hiding NAT of your clientside firewall or by your internet router) you will log the NAT address, as you already noticed. If your client´s request is forwared by a proxy you can check for the so called X-Forwarded-For http-header. Perhaps the proxy is inserting this header with the value of the original client IP address. So if your virtual server has an http-profile assigned you may add the following section to your iRule:when HTTP_REQUEST {
if {[HTTP::header exists X-Forwarded-For]}{
log local0. "client ip from xff-header: <[HTTP::header value X-Forwarded-For]>"
}
}
Please run "tail -f /var/log/ltm" to monitor your log file.