Jakuub
Jun 13, 2019

F5 APM Client IP and X-Forwarded-For

Hello,

Is there any possibility to change the Client IP parameter in F5 APM to the value in the X-Forwarded-For header? I have APM behind SNAT/DNAT and I can see only one IP address accessing APM.

Thank you.

  • Just enable the 'Insert X-Forwarded-For' option in the HTTP profile that your virtual server is using.

  • Jakuub

    You are not right, but I fixed it! Just disable the "restrict to single client IP" check. Then you have to apply the following iRule on all access-profile-enabled VS.

    when HTTP_REQUEST {
        # Requests that already carry an APM session cookie
        if { [HTTP::cookie exists "MRHSession"] } {
            set apmip [ACCESS::session data get session.user.clientip]
            set realip [HTTP::header X-Forwarded-For]
            # Stored client IP differs from the current X-Forwarded-For value:
            # remove the session and redirect to the logout page
            if { ($apmip != $realip) && ($apmip != "") } {
                set sessionID [ACCESS::session sid]
                ACCESS::session remove -sid $sessionID
                HTTP::redirect "/my.logout.php3?errorcode=20"
            }
        }
    }

    when ACCESS_SESSION_STARTED {
        # Store the X-Forwarded-For value as the session's client IP
        if { [HTTP::header exists X-Forwarded-For] } {
            set userip [HTTP::header X-Forwarded-For]
            ACCESS::session data set session.user.clientip $userip
        }
    }
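
A variant of the iRule above that accepts X-Forwarded-For only from known upstream devices and uses the last entry of the header. This is an added example, not code from the thread or from F5. The data group name trusted_proxies and the proc name effective_client_ip are hypothetical, and IPv4 client addresses are assumed.

```tcl
# Added example, not from the thread. Assumptions: "trusted_proxies" is a
# hypothetical address data group listing the upstream NAT/proxy addresses,
# "effective_client_ip" is a hypothetical proc name, addresses are IPv4.
proc effective_client_ip {} {
    set peer [IP::client_addr]
    # Honour X-Forwarded-For only when the TCP peer is a known upstream
    # device; from any other peer the header is client-supplied input.
    if { ![class match $peer equals trusted_proxies] } {
        return $peer
    }
    # The header can repeat and each value can be a comma-separated list.
    # The entry appended by the nearest proxy is the last one.
    set last [lindex [HTTP::header values X-Forwarded-For] end]
    set ip [string trim [lindex [split $last ","] end]]
    # Fall back to the peer address if the entry is missing or not an IP.
    if { $ip eq "" || [catch { IP::addr $ip mask 255.255.255.255 }] } {
        return $peer
    }
    return $ip
}

when ACCESS_SESSION_STARTED {
    # Store the validated address as the session's client IP.
    ACCESS::session data set session.user.clientip [call effective_client_ip]
}

when HTTP_REQUEST {
    if { [HTTP::cookie exists "MRHSession"] } {
        set apmip [ACCESS::session data get session.user.clientip]
        set realip [call effective_client_ip]
        # Same session-to-IP check as the iRule above, on the validated value.
        if { $apmip ne "" && $apmip ne $realip } {
            ACCESS::session remove -sid [ACCESS::session sid]
            HTTP::redirect "/my.logout.php3?errorcode=20"
        }
    }
}
```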