Forum Discussion
NimbostratusOneConnect And RealClientIP
NimbostratusWell so i though i solved the issue but it seems like i didn't. Using /32 solved the issue but the server side connection started to jump, since its a service that open to the whole world it will keep each session open. So i used the default oneconnect profile and used the irule I wrote above but it didn't work it. Any idea how can i use the one connect and not loosing the real client ip..
Vijay_ECirrus
Did you solve the problem or still need assistance ?
Have you tried using XFF header within the HTTP profile and used the XFF header to obtain the original client IP @ the server level ?
- YossiV
Hi Odaah no i still didn't find a solution. i tried using the Http profile with "Insert X-Forwarded-For" and than assign the irule:
when HTTP_REQUEST { if {[HTTP::header exists "X-Real-IP"]}{ snat [HTTP::header "X-Real-IP"] } elseif {[HTTP::header exists "X-Forwarded-For"]}{ snat [HTTP::header "X-Forwarded-For"] } else { return }but it didn't work, i still see clients reaching to my Bo site with addresses that belongs to other client. (example client from China got an address that belong to Client from US) when client generated a report he saw that someone logged in from US and made a deposit. i was needed to Calm him down and explain him that its not a fraud 🙂
maybe the irule is not correct.
- YossiV
Ok so i think i know what is my issue: https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9816.html?sr=21470362 i am also using ASM module. so that might be the issue :\
- boneyard
MVP
that sol points to what Odaah was saying earlier, did you already try changing your OneConnect mask to 255.255.255.255 or enable SNAT?
