Forum Discussion

dwbrown_260122's avatar
dwbrown_260122
Icon for Nimbostratus rankNimbostratus
May 24, 2017

Having trouble with HTTP_FORWARDED_FOR iRule.

We are using the HTTP_XFORWARDED_FOR iRule to capture internal source IP addresses in the logs. However it is returning duplicate IP addresses. The IPs are for the same host. Thanks for the help. ...
application delivery
LTM
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
May 24, 2017

Hi,

 

I was playing with HTTP profile Insert X-Forwarded-For parameter. Be aware that it is adding separate X-Forwarded-For header with client IP.

 

If your request is already containing XFF header then you will have two of them. It's not really good situation for most logging solutions that are using XFF to store client IP.

 

If I am not wrong multiple XFF are allowed but most logging solutions prefer to have one. One XFF can however contain multiple IPs - if traffic is passing via multiple proxies inserting XFF - not 100% sure but first IP from the left is inserted by last proxy before server.

 

If your are using both HTTP profile and iRule to insert XFF you will end up with two XFF instead of one.

 

So stick with one option, of course iRule is most powerful and allow for example:

 

  • Remove all existing XFF and insert new
  • Remove all existing XFF (preserving IPs reported) and merge those IPs with own IP so you can preserver whole path from client (of course if you can trust proxies between you and client :-)

Piotr