How to see the actual IP when coming from F5 APM module to ASM

Question

Hi&nbsp;
I am applying ASM to an application which users are using via external F5 APM. When i look at the event logs, the source IP is the F5 external Interface IP . Is there a way to see the actual source IP ?&nbsp;

youssef1 · Answer

Hi,&nbsp;
Yes, on your APM you have to enable XFF on your HTTP profile in order to send USER IP to ASM.&nbsp;
Then in ASM, you can configured it to trust the XFF header send by APM. Then the system identifies the location using the address from the XFF header instead of the source IP address.&nbsp;
All is indicate in this article (step by step), quick and simple:&nbsp;
In your Security Policy, Security &gt; Application Security &gt; Policy &gt; Policy Properties adjust the view from Basic to AdvancedCheck the box next to Trust XFF Header (Navigate to Security -&gt; Application Security -&gt; Policy -&gt; Policy Properties.
https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-7-geolocation&nbsp;
Let me now if you need more details.&nbsp;
regards&nbsp;

Forum Discussion

How to see the actual IP when coming from F5 APM module to ASM

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Free Passes to AppWorld 2025 – First Come, First Served!

SkyNet Is Coming For Email First... Thankfully!

Hardware Security Modules

as3 Python module

PowerShell module for the F5 LTM REST API

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS