Forum Discussion

Nimbostratus

Jul 08, 2016

How to send BIG-IP LTM, X-forwarded IP's to IIS "Ip Domain Filter" ?

On a BIG-IP LTM, we have a requirement to create an IP deny filter with Windows "Ip Domain Filters" on our Windows IIS. We need to have the X-forward IP data available for this including the log data...

Nacreous

Jul 08, 2016

Hi,

You can activate the X-Forwarded-For option in the http profile assigned to your Virtual Server.

Or you can use an irule for that :

when HTTP_REQUEST {
        HTTP::header remove "X-Forwarded-For"
        HTTP::header insert "X-Forwarded-For" "[IP::client_addr]"
}

Both solution works fine taken into account that you need to decrypt ssl (if https listening) and assign an http profile.

dfmcfadden49_27
Nimbostratus
Jul 08, 2016
Thank you for the reply. normally X-forward only sends the external IP to the IIS log. I see this Irule is a little different then the one I have used over the years. when HTTP_REQUEST { HTTP::header insert X-Forwarded-For [IP::remote_addr] } Does this Irule send to IIS for configuring "IP Domain Filters"? I guess the question should be how to I get the information in the IIS log to the "IP Domian filter" configuration. Can it be sent directly from the F5 or what is the process within IIS? Regards,
Yann_Desmarest_
Nacreous
Jul 08, 2016
I add the below line to avoid an attacker adding a custom X-Forwarded-For value :

HTTP::header remove "X-Forwarded-For"

I'm using
IP::client_addr
which is the same as
IP::remote_addr
in your case.

Quick description of the slight difference :

IP::client_addr - Returns the client IP address of a connection IP::remote_addr - Returns the IP address of the host on the far end of the connection.