Forum Discussion
CirrostratusIdentify original client ip address for a VIP with only TCP profile
Without disabling SNAT/ Automap,The pool member needs to know the original client address. How can we achieve it? Is there any policy we can apply on the VIP
4 Replies
jayson27Cirrus
Hi,
You can use x-forwarded-for option on http profile.
Reference:
InquisitiveMaiThis vip does not have HTTP profile, can we do something with just tcp profile
- boneyard
MVP
Is asked more often, haven't seen anyone post a working solution for years, see for example:
how to insert client IP address in tcp profile for FTP connections | DevCentral
There might be a chance by playing with the TCP::options, but that is pretty difficult and requires you to some how retrieve that information on the server side: Accessing TCP Options from iRules | DevCentral
I would accept it isn't possible.
- Mayur_Sutare
Configuring the F5 to insert into the TCP header of a connection can be a complicated implementation. So better way is to change the configuration where you can easily achieve the requirement.
- Have HTTP profile configured and enable XFF
- Disable SNAT on the vServer and set gateways of backend servers to F5.
Hope it helps!
