rich1977_120837
Aug 27, 2015

IRULE to remove a header value

So I've enabled the xforward in the http profile and set the below irule on the vip:

 

when HTTP_REQUEST { HTTP::header insert X-MS-Forwarded-Client-IP [IP::remote_addr] }

 

This inserts the original client IP into that header value, shown below:

 

X-MS-Forwarded-Client-IP: 10.101.1.57,10.110.54.10

 

You can see it puts it in front of the BigIP self IP (10.110.54.10)

 

How can I use that same irule and also remove that self IP from that header value?

 

I need the value to just be the original client IP, so it would look like this:

 

X-MS-Forwarded-Client-IP: 10.101.1.57

 

Thanks!!

 

8 Replies

  • I've tried this, using replace instead of insert, but it didn't do anything different; it still inserted the IP:

     

    when HTTP_REQUEST { HTTP::header replace X-MS-Forwarded-Client-IP [IP::remote_addr] }

     

  • Hi, I'm wondering if another downstream system is adding to the header that you created, as the F5 cannot add the SNAT IP with the config you have shown and the irule should create/replace the header as desired.

     

  • That header is added by office 365. A user on premise goes to the office 365 portal and tries to log in, ADFS kicks in at that point and the login request goes to our external ADFS web proxy vip, then to our internal adfs vip.

     

  • office 365 --> ADFS webproxy F5 VIP (DMZ) --> ADFS Internal F5 VIP --> user authenticated, then authentication token sent back to office 365 to allow the login

     

  • Use replace instead of insert, which will just add another header. Try putting in the following log statements before and after the header replace to see what headers are coming in and what are being sent out.

    when HTTP_REQUEST { 
    
      foreach x [HTTP::header names] {
        if { $x equals "X-MS-Forwarded-Client-IP" } {
          log local0. "Incoming $x: [HTTP::header $x]"
        }
      }
    
      HTTP::header replace X-MS-Forwarded-Client-IP [IP::remote_addr]
    
      foreach x [HTTP::header names] {
        if { $x equals "X-MS-Forwarded-Client-IP" } {
          log local0. "Outgoing $x: [HTTP::header $x]"
        }
      }
    }
    

    You should see something like this in the logs, e.g. a request from client IP 10.12.12.1 but with an X-MS.. header of 11.11.11.11; the F5 is replacing the header with 10.12.12.1 as per the rule ...

    curl -vv -H "X-MS-Forwarded-Client-IP: 11.11.11.11"  http://10.10.10.10
    
    Rule /Common/test1 : Incoming X-MS-Forwarded-Client-IP: 11.11.11.11
    Rule /Common/test1 : Outgoing X-MS-Forwarded-Client-IP: 10.12.12.1
    
    • arpydays
      did you resolve this? what was the issue?
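
Added example, not from the thread or from F5: per the iRules reference, `HTTP::header replace` rewrites only the last occurrence of a header and `HTTP::header insert` always adds another, so a request that arrives with one or more copies of the header can leave with stale or client-supplied values still attached. The iRule below logs how many instances arrived and what they held, then removes all of them and inserts a single one taken from the connection; the header name is the one from the question and the log wording is an assumption.

```tcl
when HTTP_REQUEST {
    # Header name taken from the thread.
    set hdr "X-MS-Forwarded-Client-IP"

    # Several separate headers and one comma-joined value look alike to many
    # back ends, so record the instance count and every raw value as received.
    set n [HTTP::header count $hdr]
    if { $n > 0 } {
        log local0. "Incoming $hdr: instances=$n values=[HTTP::header values $hdr] peer=[IP::remote_addr]"
    }

    # Remove every instance the peer sent (replace would leave earlier copies
    # in place), then add exactly one carrying the address seen on this connection.
    HTTP::header remove $hdr
    HTTP::header insert $hdr [IP::remote_addr]

    # Confirm what is forwarded to the pool member: expect a single instance.
    log local0. "Outgoing $hdr: instances=[HTTP::header count $hdr] values=[HTTP::header values $hdr]"
}
```

On a virtual server that sits behind another proxy or a SNAT, `[IP::remote_addr]` is that device's address, so this pattern belongs on the tier that terminates the client connection. If the outgoing log shows one value and the application still sees two, the extra address is being appended after this virtual server.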