Change original source IP to random in ASM logs

Question

Hello experts,On youtube I have find this video&nbsp;BIG-IP AWAF Demo 38 - Use IP Geolocation Enforcement w/ F5 BIG-IP Advanced WAF (formerly ASM) - YouTubeand in this video speaker show that she has some iRule that change original source IP to random public IP to emulate traffic from whole world.I want to configure the same iRule in my test lab but I can't find how to do this or some examples of this iRule.I have read this topics&nbsp;iRule to randomly change source IP - DevCentral (f5.com)iRule to randomly change source IP DevCentral (force.com)but it is not clear for me how to replace IP only for ASM logs.Have anyone configure the same thing as on the video and can help me how to configure it in my test lab?Thank you!&nbsp;

amine_kadimi · Accepted Answer

Hi,&nbsp;
The ASM can also look into the x-forwarded-for header to determine the original client IP, for that you need to tell your security policy to trust the xff header. Then you can inject the header whether from the client side using fiddler for example. Or you can inject it locally using this iRule:
when HTTP_REQUEST {
   HTTP::header replace X-Forwarded-For "[expr (int(rand()*221)+1)].[expr int(rand()*254)].[expr int(rand()*254)].[expr int(rand()*254)]"
}
This article describes the procedure for an old ASM version :
https://f5-agility-labs-waf.readthedocs.io/en/latest/class3/module1/lab1/lab1.html&nbsp;

Forum Discussion

Change original source IP to random in ASM logs

Recent Discussions

APM with EntraID as idP / request signed

Creating Policy using Terraform

Alert Mail when virtual server down trubleshooting

How to disable RC4 Cipher on SSL

Big-IQ + LetsEncrypt wildcard

Related Content

Change admin account

Four score and seven years ago... a laptop origin story 📖‌

Create an HTTPS Origin based on public FQDN for VoltMesh

api token timeout change

Create an HTTPS Origin based on public IP for VoltMesh

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS