How does the LTM deal with a XFF header with two values
- Apr 29, 2021
How exactly do you mean "deal with"? Normally LTM doesn't do anything with an XFF header it receives.
Are you using a local traffic policy or iRule to read / use it?
In that case it is up to you to determine how you deal with it. If there are two entries in one header, you decide which one to use for your goals.
If there are two or more headers, you gotta read 'em all and determine which to use, and possibly clean it up and only send one further.
See this knowledge article for an example of how to do that: https://support.f5.com/csp/article/K15732009
I think you are seeing or trying to eliminate the security issue where multiple addresses could be forged as the client IP address in the XFF header. Beginning in v13, a single XFF header containing multiple addresses can be seen; prior to v13, there were multiple XFF headers.
To overcome this, you can use the code block below:
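when HTTP_REQUEST {
    # Only act when the client sent at least one X-Forwarded-For header
    if {[HTTP::header exists "X-Forwarded-For"]} {
        # remove deletes every instance of the header, forged ones included
        HTTP::header remove "X-Forwarded-For"
        # insert one header carrying the address LTM saw on the connection
        HTTP::header insert "X-Forwarded-For" [IP::client_addr]
    }
}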
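Both replies leave open which XFF entry a receiver should believe. The following is an added example, not code from the thread or from F5, of how a server behind the LTM could make that choice for any number of headers and entries. The function names and the 10.0.0.0/8 trusted range are assumptions made for illustration.

```python
import ipaddress

# Constructed value: networks of proxies we operate (e.g. the LTM's self IPs).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def split_xff(header_values):
    """Flatten every X-Forwarded-For header into one ordered list of entries.

    Several headers and one comma-separated header carry the same meaning,
    so both forms are merged in arrival order.
    """
    entries = []
    for value in header_values:
        entries.extend(p.strip() for p in value.split(",") if p.strip())
    return entries


def is_trusted(addr):
    """True when addr belongs to a proxy network we control."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(header_values, peer_addr):
    """Return the address to treat as the client.

    Start at the TCP peer and walk the XFF entries right to left. An entry is
    believed only if the hop that reported it is a trusted proxy; everything
    left of the first untrusted hop is client-controlled and ignored.
    """
    current = ipaddress.ip_address(peer_addr)
    for entry in reversed(split_xff(header_values)):
        if not is_trusted(current):
            break  # this hop is not ours, so nothing it reported counts
        try:
            current = ipaddress.ip_address(entry)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
    return str(current)
```

Taking the left-most entry instead would accept whatever address the client typed into its own request.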