Forum Discussion
レザ
Cirrus
CirrusDifference between Insert X-Forwarded-For and Accept XFF?
Hello
What is the difference between Insert X-Forwarded-For and Accept XFF in http profile?
Is it possible to enable both of these items in a custom http profile?
Do they have priority over each other or not?
Thanks
Hi レザ,
Accept XFF option does not insert a request header.
Accept XFF: Enables or disables trusting the client IP, and statistics from the client IP address, based on the request's X-Forwarded-For (XFF) headers, if they exist.
Note: This option has an effect only when you use either AVR or ASM L7 DoS profile (ASM required). For AVR, the Accept XFF option allows the BIG-IP system to trust and take into consideration IP addresses from the X-Forwarded-For header for statistics purposes. For an L7 DoS profile, the Accept XFF option allows the BIG-IP system to take action based on IP addresses from the X-Forwarded-For header that match, for example, an Access List.
Insert X-Forwarded-For: When using connection pooling, which allows clients to make use of existing server-side connections, you can insert the X-Forwarded For header with the client IP address into a request. When you configure the BIG-IP system to insert this header, the target server can identify the request as coming from a client other than the client that initiated the connection.
K40243113: Overview of the HTTP profile
https://my.f5.com/manage/s/article/K40243113
Hi レザ,
Accept XFF option does not insert a request header.
Accept XFF: Enables or disables trusting the client IP, and statistics from the client IP address, based on the request's X-Forwarded-For (XFF) headers, if they exist.
Note: This option has an effect only when you use either AVR or ASM L7 DoS profile (ASM required). For AVR, the Accept XFF option allows the BIG-IP system to trust and take into consideration IP addresses from the X-Forwarded-For header for statistics purposes. For an L7 DoS profile, the Accept XFF option allows the BIG-IP system to take action based on IP addresses from the X-Forwarded-For header that match, for example, an Access List.
Insert X-Forwarded-For: When using connection pooling, which allows clients to make use of existing server-side connections, you can insert the X-Forwarded For header with the client IP address into a request. When you configure the BIG-IP system to insert this header, the target server can identify the request as coming from a client other than the client that initiated the connection.
K40243113: Overview of the HTTP profile
https://my.f5.com/manage/s/article/K40243113
