Forum Discussion
malookyi
Nimbostratus
NimbostratusChange original source IP to random in ASM logs
Hello experts, On youtube I have find this video BIG-IP AWAF Demo 38 - Use IP Geolocation Enforcement w/ F5 BIG-IP Advanced WAF (formerly ASM) - YouTube and in this video speaker show that she ha...
Hi,
The ASM can also look into the x-forwarded-for header to determine the original client IP, for that you need to tell your security policy to trust the xff header. Then you can inject the header whether from the client side using fiddler for example. Or you can inject it locally using this iRule:
when HTTP_REQUEST { HTTP::header replace X-Forwarded-For "[expr (int(rand()*221)+1)].[expr int(rand()*254)].[expr int(rand()*254)].[expr int(rand()*254)]" }This article describes the procedure for an old ASM version :
https://f5-agility-labs-waf.readthedocs.io/en/latest/class3/module1/lab1/lab1.html
Amine_Kadimi
MVP
MVPHi,
The ASM can also look into the x-forwarded-for header to determine the original client IP, for that you need to tell your security policy to trust the xff header. Then you can inject the header whether from the client side using fiddler for example. Or you can inject it locally using this iRule:
when HTTP_REQUEST {
HTTP::header replace X-Forwarded-For "[expr (int(rand()*221)+1)].[expr int(rand()*254)].[expr int(rand()*254)].[expr int(rand()*254)]"
}This article describes the procedure for an old ASM version :
https://f5-agility-labs-waf.readthedocs.io/en/latest/class3/module1/lab1/lab1.html
malookyiNimbostratus
Nimbostratus