Forum Discussion
NimbostratusHow to setup X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT ?
Hi All, Hope you are fine.
please need you Help,
i have problem,
when i activate the google proxy is the IP of the proxy that replaces the customer address
i tested the proxy with external sites and client source IP is correctly entered in the XFF field.
i setup this configuration but i dont have standards value
http://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html
how i can configure the VS to have the standards values ? • X-BIG-IP-IP-CALLING: xxxxxxxxx • X-FORWARD-FOR: xxxxxxxxx(IP Client), xx.xxx.xx.xxx (Proxy 1) xxx.xxx.xxx.xx (Proxy 2)
thank u in advance
BR
22 Replies
- JRahm
Admin
just to clarify, you want to rewrite the list of IPs from the XFF header to be only the first IP in the list? If so, this should work for you.
when HTTP_REQUEST { HTTP::header replace X-Forwarded-For [getfield [HTTP::header X-Forwarded-For] "," 1] } - Kevin_Stewart
Employee
KOR, the HTTP profile's Request Header insert field will not accomplish what you're looking for. It will not expand an iRule value like [IP::client_addr], but rather takes a static value (ex. TEST=Foo). Further, the Insert X-Forwarded-For option will explicitly insert an "X-Forwarded-For" header into the request. If you want a specific header name other that X-Forwarded-For, you would want to use an iRule:
when HTTP_REQUEST { HTTP::header insert X-BIGIP-CALLING-IP [IP::client_addr] } - nitass
It looks like Google adds a new header to pass the original IP address from the client:
Forwarded: for=105.235.130.92
You may use an iRule to extract the IP address from that header and add it to the X-forwarded-for header.
is it something like this?
