Forum Discussion

レザ's avatar
レザ
Icon for Cirrus rankCirrus
Jul 29, 2023

Difference between Insert X-Forwarded-For and Accept XFF?

Hello
What is the difference between Insert X-Forwarded-For and Accept XFF in http profile?
Is it possible to enable both of these items in a custom http profile?

Do they have priority over each other or not?

 

Thanks

  • Hi レザ,

    Accept XFF option does not insert a request header.

    Accept XFF: Enables or disables trusting the client IP, and statistics from the client IP address, based on the request's X-Forwarded-For (XFF) headers, if they exist.

    Note: This option has an effect only when you use either AVR or ASM L7 DoS profile (ASM required). For AVR, the Accept XFF option allows the BIG-IP system to trust and take into consideration IP addresses from the X-Forwarded-For header for statistics purposes. For an L7 DoS profile, the Accept XFF option allows the BIG-IP system to take action based on IP addresses from the X-Forwarded-For header that match, for example, an Access List.

    Insert X-Forwarded-For: When using connection pooling, which allows clients to make use of existing server-side connections, you can insert the X-Forwarded For header with the client IP address into a request. When you configure the BIG-IP system to insert this header, the target server can identify the request as coming from a client other than the client that initiated the connection.

    K40243113: Overview of the HTTP profile
    https://my.f5.com/manage/s/article/K40243113

1 Reply

  • Hi レザ,

    Accept XFF option does not insert a request header.

    Accept XFF: Enables or disables trusting the client IP, and statistics from the client IP address, based on the request's X-Forwarded-For (XFF) headers, if they exist.

    Note: This option has an effect only when you use either AVR or ASM L7 DoS profile (ASM required). For AVR, the Accept XFF option allows the BIG-IP system to trust and take into consideration IP addresses from the X-Forwarded-For header for statistics purposes. For an L7 DoS profile, the Accept XFF option allows the BIG-IP system to take action based on IP addresses from the X-Forwarded-For header that match, for example, an Access List.

    Insert X-Forwarded-For: When using connection pooling, which allows clients to make use of existing server-side connections, you can insert the X-Forwarded For header with the client IP address into a request. When you configure the BIG-IP system to insert this header, the target server can identify the request as coming from a client other than the client that initiated the connection.

    K40243113: Overview of the HTTP profile
    https://my.f5.com/manage/s/article/K40243113