Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

pkingi_72523's avatar
pkingi_72523
Icon for Nimbostratus rankNimbostratus
Apr 19, 2010

Can irules be used to match source address infromation before and after SNAT?

We are using an F5 as an SSL-offload and then again as a reverse proxy. In both cases, the source address is natted.   We have an IPS after the SSL-offload and before the reverse proxy that does d...
application delivery
dev
devops
irules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Apr 20, 2010
Hi Patrick,

 

 

LTM can insert a custom HTTP header named X-Forwarded-For (or any arbitrary name) with the original client IP address. To configure this you can create a custom HTTP profile and enable the 'insert X-Forwarded-For' option. If you want to insert a custom named header, you can do this with the HTTP profile options. Set the 'request header to remove' to MY_CUSTOM_HEADER and set the 'request header to insert' to MY_CUSTOM_HEADER: [IP::client_addr].

 

 

The IPS would need to be able to read the custom HTTP header instead of the IP header.

 

 

Aaron