Get Source IP for HTTPS traffic

Question

Hi All,&nbsp;
I'm aware that XFF is a setting to get the Client IP for HTTP traffic.
My server team needs to get the Client IP for HTTPS traffic.
We've the client SSL set on the F5.
As per my research, I see that many have been talking about the SSL termination. Which means, the F5 will terminate the connection and send the decrypted traffic to the server. But in this way, the server will be getting the F5's IP and not the Source IP. &nbsp;
Can anyone help me out on a way to get the original Source IP for HTTPS traffic?&nbsp;
Regards
Santosh&nbsp;

ed_summers · Answer

Regardless of whether BIGIP accepts unencrypted traffic or off-loads SSL for a server, it can insert X-Forwarded-For for either one. See K4816 for more info. Also note that this KB article clarifies that BIGIP simply appends an XFF header regardless of whether or not one was already present. This may not be a concern in your environment, just something to be aware of.

Forum Discussion

Get Source IP for HTTPS traffic

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Inspecting HTTP LB traffic for security

Tightening the Security of HTTP Traffic Part 3

The Power of Source Address

Decrypting TLS traffic on BIG-IP

Solving for true-source IP with global load balancers in Google Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS