For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

vvskaladhar_488's avatar
vvskaladhar_488
Icon for Nimbostratus rankNimbostratus
Jul 03, 2014

Irule to see source IPs

HI All,   I am looking for an option to solve my problem below.   I have a VIP configured with https ports (443,447 etc) with SNAT enabled. Now our Web server want to see the Client IPS , Can y...
application delivery
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 07, 2014

Simply put, if you cannot access the layer 7 HTTP traffic, you cannot insert any information into its payload. And you cannot access the layer 7 HTTP traffic if you do not offload the SSL layer. You can optionally re-encrypt to the server, but you have to at least terminate the client side SSL at the proxy. The very best you can do in lieu of that is perhaps to insert the data into (layer 4) TCP header data using the TCP::option command, but then you'd probably have to add code to your applications to be able to see this data.