For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Gregory_Gerard_'s avatar
Gregory_Gerard_
Icon for Nimbostratus rankNimbostratus
Apr 30, 2008

Oddities in XForwardedFor?

I'm using Tomcat as a webserver and I've got access logs recording the XForwardedFor header into the log.     The oddity I'm seeing is this:   10.20.108.103,unknown     My internal netw...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
May 01, 2008
It's possible that a client or previous network device is inserting an XFF header. It's also possible that the BIG-IP is inserting an invalid value (bug?). nmenant's example should help you determine what's happening. If you get a runtime error from the example when trying to use the HTTP::header command in the HTTP_REQUEST_SEND event, you could try forcing the HTTP::header command into the clientside context using 'clientside {HTTP::header "X-Forwarded-For"}'.

If you are using the client IP address for anything more important than reporting, it would be good to use an iRule to remove any existing instances of the header you're going to insert before you actually insert the new header. Here's an example:


when HTTP_REQUEST {
    Remove all instances of the custom header
   while {[HTTP::header exists X-Forwarded-For]}{
      HTTP::header remove X-Forwarded-For
   }
    Insert a new XFF header with the client IP address as a value
   HTTP::header insert X-Forwarded-For value [IP::client_addr]
}

Aaron