Forum Discussion

Cirrus

Mar 15, 2016

Multiple X-Forwarded-For ip address

We have enabled X-Forwarded-For on F5 and in apache we have added following code LogFormat blah...\"user-agent\": \"%{User-agent}i\", \"client\": \"%{X-Forwarded-For}i\",...blah Now i am doing ex...

Nacreous

Mar 15, 2016

Absolutely. In your HTTP profile, make sure Accept XFF is not check. Are you adding X-Forwarded-For via iRule or your HTTP profile?

Brad_Parker_139

Nacreous

Mar 16, 2016

So in your HTTP profile you are right you should enable X-Forwarded-For since you are using SNAT, but you don't want to accept an X-Forwarded-For from someone else. That's what that check box for "Accept XFF" is for. It prevents the forged header from being excepted.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Multiple X-Forwarded-For ip address

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

Related Content

Extracting X-Forwarded-For in Node.js

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

X-Forwarded-For Log Filter for Windows Servers

X Forwarded For Single Header Insert

TCP Option 28 X-Forwarded-For Header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS