Forum Discussion

malookyi's avatar
malookyi
Icon for Nimbostratus rankNimbostratus
Feb 07, 2023

Change original source IP to random in ASM logs

Hello experts, On youtube I have find this video  BIG-IP AWAF Demo 38 - Use IP Geolocation Enforcement w/ F5 BIG-IP Advanced WAF (formerly ASM) - YouTube and in this video speaker show that she ha...
  • Amine_Kadimi's avatar
    Feb 07, 2023

    Hi, 

    The ASM can also look into the x-forwarded-for header to determine the original client IP, for that you need to tell your security policy to trust the xff header. Then you can inject the header whether from the client side using fiddler for example. Or you can inject it locally using this iRule:

    when HTTP_REQUEST {
       HTTP::header replace X-Forwarded-For "[expr (int(rand()*221)+1)].[expr int(rand()*254)].[expr int(rand()*254)].[expr int(rand()*254)]"
    }

    This article describes the procedure for an old ASM version :

    https://f5-agility-labs-waf.readthedocs.io/en/latest/class3/module1/lab1/lab1.html