Forum Discussion

Nimbostratus

Jan 22, 2015

Client Source IP - SSL pass through

Hi, the Cisco smart space needs to know the source IP address of the client to register it and accept the traffic. Also SSL termination cannot be done on F5 due to some limitation of application. so ...

Nimbostratus

Jan 22, 2015

You could, in theory, utilize Proxy SSL, assuming your security policy allows it. This requires that you have the same SSL cert and key on all the pool members and that cert/key is available to the F5 as well.

https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13385.html

With this configuration you can use an iRule to insert/modify X-Forwarded-For.

This is, for all intents and purposes, doing a man in the middle. It only works for RSA. If you require ECC it doesn't work.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Client Source IP - SSL pass through

Recent Discussions

Earth Simnavaz

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

question about getting hsl data to be formatted properly in splunk

Related Content

Enhance your Application Security using Client-side signals – Part 2

Block destination IP by source IP

F5 BIG-IP and NGINX - Securing Your AWS VPC Lattice Applications for External Clients

Upgrade APM edge client

APM vpn client to virtual server source IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS