Forum Discussion
Change original source IP to random in ASM logs
- Feb 07, 2023
Hi,
The ASM can also look into the x-forwarded-for header to determine the original client IP, for that you need to tell your security policy to trust the xff header. Then you can inject the header whether from the client side using fiddler for example. Or you can inject it locally using this iRule:
when HTTP_REQUEST { HTTP::header replace X-Forwarded-For "[expr (int(rand()*221)+1)].[expr int(rand()*254)].[expr int(rand()*254)].[expr int(rand()*254)]" }
This article describes the procedure for an old ASM version :
https://f5-agility-labs-waf.readthedocs.io/en/latest/class3/module1/lab1/lab1.html
Hi,
The ASM can also look into the x-forwarded-for header to determine the original client IP, for that you need to tell your security policy to trust the xff header. Then you can inject the header whether from the client side using fiddler for example. Or you can inject it locally using this iRule:
when HTTP_REQUEST {
HTTP::header replace X-Forwarded-For "[expr (int(rand()*221)+1)].[expr int(rand()*254)].[expr int(rand()*254)].[expr int(rand()*254)]"
}
This article describes the procedure for an old ASM version :
https://f5-agility-labs-waf.readthedocs.io/en/latest/class3/module1/lab1/lab1.html
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com