Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Brandon_12607's avatar
Brandon_12607
Icon for Nimbostratus rankNimbostratus
Apr 22, 2019

insert_xforwarded verification

I have enabled insert_xforwarded oh the Http profile of the VIP.   I wanted to verify the F5 was working correctly. What is the best way to verify packet capture or a logging iRule? any examples ...
application delivery
irules
LTM
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Apr 23, 2019

Hi,

the best way to verify that F5 include correctly XFF is irule on F5 side or check logs in App side.

The best way is F5, you have the event:

HTTP_REQUEST_RELEASE : https://devcentral.f5.com/wiki/iRules.HTTP-REQUEST-RELEASE.ashx

An triggered when the system is about to release HTTP data on the of the connection. This event is triggered after modules process the HTTP request. So this event trigged after F5 process just before the request is sent to the backend (there is no additional process so the request is not changed anymore).

You can use my Irule:

https://devcentral.f5.com/codeshare/ultimate-irule-debug-capture-and-investigate-1183

and in irule set the var like this:

array set app_arrway_referer {
    client_dest_ip_port 1
    client_cert  0
    http_request 1
    http_request_release 1
    http_request_payload 0
    http_lb_selected 0
    http_response 0
    http_response_release 0
    http_response_payload 0
    http_time_process 0
}

So in logs (/var/log/ltm) you will see igress request and degress request (With header added by F5).

keep me in touch if you need more details.

regards