Forum Discussion
NimbostratusHTTP x-forward-for
Hi all,
I have configured the x-forward-for virtual server as below.
<vitual server>
type : standard
protocol : tcp
Source Address Translation : Automap
HTTP Profile : Added profile with 'Insert X-Forwarded-For' enabled
The symptoms are as follows.
1) Configure the service port of the virtual server to 80 or 8080.
- BIG-IP recognizes the port as http and adds the Client IP to the header.
2) Configure the service port of the virtual server to 11211.
- BIG-IP recognizes the port as TCP and does not operate X-forward-for.
I have a few questions.
Q1) For X-forward-for to operate, does the HTTP well-known(80,8080) port that BIG-IP knows must be configured as a service port?
Q2) Is there a way to make X-forward-for work by configuring unknown-port on the service port?
Q3) Are there any other service ports that F5 recognizes with HTTP other than 80,8080?
Thanks,
3 Replies
- Aswin_mk
MVP
I hope you have applied correct profiles. Could you please check F5 able to communicate with backend pool or not. Please take a full capture that include front and backend communication. If backend communication success only , F5 will start the http connection.
Hope your vip is up and F5 able to connect server via automap. Try via capture
- zamroni777
the vserver port number should not matter.
do tcpdump on the vserver for both scenarios then check the http headers.
if your vserver is ssl terminating, add ssl decrypt option
https://clouddocs.f5.com/training/community/adc/html/class4/module1/lab10.htmlin your situation, i suspect there is node between client and f5 that actually fills the the xff header.
KaiTTThe capture below is the result of configuring XXF with 11211 ports.
Because BIG-IP recognizes 11211 port as TCP, it appears that HTTP headers cannot be added.
