Forum Discussion
Jose_Cruz
Aug 06, 2019Altostratus
Help with X-Forwarded-For iRule
We have many (over 500) Public VIP that we need to insert the client IP in the header for security reasons. When i enabled X-Forwarded-For in the HTTP profile the developer informed me they are recei...
- Aug 06, 2019
I would not enable the acceptance of XFF, for it can be faked. You should only trust the IP address that initiated the connection as the client address. As such, you can try the irule below.
when HTTP_REQUEST_RELEASE { log local0. "Orig XFF: [HTTP::header values "X-Forwarded-For"]" HTTP::header remove "X-Forwarded-For" HTTP::header insert "X-Forwarded-For" [getfield [IP::client_addr] % 1],[getfield [IP::local_addr] % 1] log local0. "New XFF: [HTTP::header value "X-Forwarded-For"]" }
.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects