Forum Discussion
satish_txt_2254
Mar 15, 2016Cirrus
Multiple X-Forwarded-For ip address
We have enabled X-Forwarded-For on F5 and in apache we have added following code
LogFormat blah...\"user-agent\": \"%{User-agent}i\", \"client\": \"%{X-Forwarded-For}i\",...blah
Now i am doing ex...
Brad_Parker_139
Nacreous
Absolutely. In your HTTP profile, make sure Accept XFF is not check. Are you adding X-Forwarded-For via iRule or your HTTP profile?
Brad_Parker_139
Mar 16, 2016Nacreous
So in your HTTP profile you are right you should enable X-Forwarded-For since you are using SNAT, but you don't want to accept an X-Forwarded-For from someone else. That's what that check box for "Accept XFF" is for. It prevents the forged header from being excepted.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects