Issue with value of X-Forwrded-For header + Incapsula

Question

One of our application has X-FORWARDED-FOR enabled and spoofing protection is enabled as well. The application use Incapsula Web Application Firewall for internet traffic, it accepts traffic from client and forwards to F5. The app team can only see Incapsula IP address instead of client IP addresses. Is there a way where F5 can retain client IP addresses provided by Incapsula so that they can see client IP's instead on Incapsula IP.&nbsp;
Our X-FORWARDED-FOR profile is configured this way
Request Header Erase : X-FORWARDED-FOR
Request Header Insert : X-FORWARDED-FOR:[IP::client_addr]&nbsp;

jg · Answer

Please see "https://devcentral.f5.com/questions/asm-dos-protection-and-trust-xff-header".&nbsp;

jstauffacher_11 · Answer

Try pulling the IP out of the 'Incap-Client-IP' Header. Incapsula puts it in both (for some reason). &nbsp;

Forum Discussion

Issue with value of X-Forwrded-For header + Incapsula

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

(HTTP) Redirection via Arbitrary Host Header

F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP headers

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

Log Http Headers

Security headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS