Forum Discussion
Birchman_10128
Nimbostratus
May 31, 2012Cannot View Original clients source IP
Hi,
i have this issue regarding our current f5 LB. My problem is my web server is not seeing the original clients source IP address instead it's all getting my F5's interface IP. This is our setup Client ---> Firewall ----> F5 -----> WebServer. Can someone help me how to bypass the translation and forwards all source IP's to my WebServer? I tried disabling SNAT, NAT but doesn't work. Thank you and would appreciate anyone's help on this. Thanks!
- Pawel_Kwasniewi
Nimbostratus
Hi, - Eric_St__John
Employee
Your options are limited due to the fact that the web servers do not have a default route back through the BIGIP. As a result you must SNAT, which causes the traffic to assume one of the addresses from the BIGIP. As Pawel mentioned, you can enable Insert X-Forwarded-For on the HTTP profile, which will insert a header into the communication, that the web server can then log. This can be done natively on most web server software, though on some older versions of IIS it will require an ISAPI filter. - nitass
Employee
so, is webserver's default gateway f5?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects