Forum Discussion

Nimbostratus

Jun 10, 2018

How to see the actual IP when coming from F5 APM module to ASM

Hi I am applying ASM to an application which users are using via external F5 APM. When i look at the event logs, the source IP is the F5 external Interface IP . Is there a way to see the actual ...

application delivery

ASM Advanced WAF

BIG-IP Access Policy Manager (APM)

security

youssef1

Cumulonimbus

Jun 10, 2018

Hi,

Yes, on your APM you have to enable XFF on your HTTP profile in order to send USER IP to ASM.

Then in ASM, you can configured it to trust the XFF header send by APM. Then the system identifies the location using the address from the XFF header instead of the source IP address.

All is indicate in this article (step by step), quick and simple:

In your Security Policy, Security > Application Security > Policy > Policy Properties adjust the view from Basic to Advanced
Check the box next to Trust XFF Header (Navigate to Security -> Application Security -> Policy -> Policy Properties.

https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-7-geolocation

Let me now if you need more details.

regards

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)