julian_mata_164
Mar 26, 2015

Capturing the Source IP?

So I've read about this and still can't come up with a solution. Our current setup is a VIP with Source Address Translation set to AutoMap.

We need to get the Source IP via the Webserver.

I've tried to enable Insert X-Forwarded-For inside the HTTP services; my site won't load.

I've tried turning off Source Address Translation and that turns off my site as well.

Can anyone help with an iRule?

Thanks

15 Replies

  • What doesn't work when you enable X-Forwarded-For? Is your site HTTP or HTTPS?

     

    • Brad_Parker
      The problem you are having is that applying an HTTP profile to an HTTPS site requires a client SSL profile. Otherwise all your connections will get reset. I would consider SSL offloading, but at a minimum you do need a client SSL profile. If you need end-to-end encryption you can add a server SSL profile.
    • julian_mata_164
      Would the default clientssl work for SSL Profile (Client)? I just added this one and the site won't respond.
  • shaggy

    A client-ssl profile with the website's cert/key that is assigned to the virtual server will allow users to terminate their SSL connection at the F5, which allows the F5 to read/modify HTTP-level data. A server-ssl profile applied to the virtual server will allow the F5 to re-encrypt the data back to the pool member.
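
Once the BIG-IP inserts X-Forwarded-For, the web server still sees the SNAT AutoMap address as the TCP peer, so it should accept the header only from that address and never from a client connecting directly. The following Python function is an added example, not part of the original thread; the `TRUSTED_PROXIES` range, the function names and the comma-joined header input are assumptions made for illustration.

```python
import ipaddress

# Constructed value: the range holding the BIG-IP self IPs that
# SNAT AutoMap uses as the source address toward the pool members.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/29")]


def _is_trusted(addr, trusted):
    """True if addr falls inside one of the trusted proxy networks."""
    return any(addr in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the client address the web server should log.

    peer_addr  -- TCP source address seen by the web server
    xff_header -- X-Forwarded-For value(s) joined with commas, or None
    """
    peer = ipaddress.ip_address(peer_addr)
    # Not arriving via the load balancer: the header is client-controlled,
    # so ignore it and use the socket address.
    if not _is_trusted(peer, trusted) or not xff_header:
        return str(peer)
    # Walk right to left: the rightmost entry was added by the proxy
    # closest to us; anything further left may be client-supplied.
    candidate = peer
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        candidate = addr
        if not _is_trusted(addr, trusted):
            break  # first untrusted hop is the client as seen by our proxy
    return str(candidate)
```
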