Forum Discussion

Vex
Nov 15, 2024

Cloudflare True-Client-IP as Persistence

Hi All,

I need help in setting up an iRule that will use Cloudflare's True-Client-IP as source IP for sticky sessions.

Right now, LTM is using the Proxy IPs of CF.

Thank you in advance.

  • Hello,

    To use Cloudflare's True-Client-IP header for persistence (sticky sessions) on an F5 BIG-IP Local Traffic Manager (LTM), you can create an iRule that extracts the True-Client-IP header and uses it as the source IP for session persistence. Here's how you can do it:

    Steps to Implement:

    1. Enable the True-Client-IP Header in Cloudflare
       Ensure that the True-Client-IP header is being sent by Cloudflare. This header contains the actual client IP behind Cloudflare's proxy.

    2. Create the iRule
       Add the following iRule to your BIG-IP configuration:

    ```tcl
    # HTTP headers are only readable once the request has been parsed,
    # so this runs in HTTP_REQUEST (requires an HTTP profile on the virtual server).
    when HTTP_REQUEST {
        # Check if the True-Client-IP header exists
        if {[HTTP::header exists "True-Client-IP"]} {
            # Extract the True-Client-IP value
            set client_ip [HTTP::header value "True-Client-IP"]
        } else {
            # Fallback to the client IP as seen by the LTM
            set client_ip [IP::client_addr]
        }

        # Log for debugging (optional, remove in production)
        log local0. "Using Client IP: $client_ip for persistence"

        # Persist on the chosen client IP; universal (uie) persistence is the
        # mode that accepts an arbitrary key such as a header value
        persist uie $client_ip
    }
    ```

    3. Assign the iRule to the Virtual Server
       • Go to your F5 BIG-IP configuration.
       • Navigate to Local Traffic > Virtual Servers > Virtual Server List.
       • Select your target Virtual Server.
       • In the Resources tab, under iRules, click Manage.
       • Add the newly created iRule to the Virtual Server.

    4. Test the Configuration
       Use a tool like curl or browser developer tools to send requests to your application through Cloudflare and verify that the persistence is working based on the True-Client-IP.
    Best Regards
    merry867
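
A variant of the iRule in the reply above, added here as an example and not part of the original post: it honors True-Client-IP only when the TCP peer is a Cloudflare proxy, so a client that reaches the virtual server directly cannot choose its own persistence key by sending the header. The data group name `cloudflare_proxy_nets` is a hypothetical placeholder for an address-type data group you populate with Cloudflare's published ranges; an HTTP profile and a Universal persistence profile on the virtual server are also assumed.

```tcl
# Added example, not the poster's code.
# Assumption: cloudflare_proxy_nets is an address-type data group (hypothetical
# name) containing Cloudflare's published proxy IP ranges.
when HTTP_REQUEST {
    # Default key: the TCP peer address, which a request header cannot alter.
    set persist_key [IP::client_addr]

    if { [HTTP::header exists "True-Client-IP"] } {
        if { [class match [IP::client_addr] equals cloudflare_proxy_nets] } {
            set tci [string trim [HTTP::header value "True-Client-IP"]]
            # Accept exactly one header instance, and only a value that is
            # plausibly an IPv4/IPv6 literal (coarse character and length check).
            if { [HTTP::header count "True-Client-IP"] == 1 &&
                 [regexp {^[0-9A-Fa-f:.]{2,45}$} $tci] } {
                set persist_key $tci
            } else {
                log local0.warning "Malformed or duplicate True-Client-IP from [IP::client_addr]; persisting on peer address"
            }
        } else {
            # The header came from a peer outside the Cloudflare ranges:
            # ignore it and keep the peer address as the key.
            log local0.warning "True-Client-IP sent by non-Cloudflare peer [IP::client_addr]; header ignored"
        }
    }

    # Universal persistence keyed on the validated address.
    persist uie $persist_key
}
```

The warning lines can be rate-limited or removed once the data group is confirmed complete; a Cloudflare range missing from the data group shows up as the second warning for legitimate traffic.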