For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

YossiV's avatar
YossiV
Icon for Nimbostratus rankNimbostratus
Jul 24, 2016

OneConnect And RealClientIP

Hi, we started to deploy the Oneconnect mode on one of our Vservers. it works fine but the issue is that it is a BO system and i need to see the RealClientIP of each http request for reports etc.. si...
application delivery
iRules
LTM
oneconnect
YossiV's avatar
YossiV
Icon for Nimbostratus rankNimbostratus
Jul 25, 2016

Well so i though i solved the issue but it seems like i didn't. Using /32 solved the issue but the server side connection started to jump, since its a service that open to the whole world it will keep each session open. So i used the default oneconnect profile and used the irule I wrote above but it didn't work it. Any idea how can i use the one connect and not loosing the real client ip..

 

YossiV's avatar
YossiV
Icon for Nimbostratus rankNimbostratus
Jul 25, 2016

Hi Odaah no i still didn't find a solution. i tried using the Http profile with "Insert X-Forwarded-For" and than assign the irule:

when HTTP_REQUEST {
if {[HTTP::header exists "X-Real-IP"]}{
    snat [HTTP::header "X-Real-IP"]
}
elseif {[HTTP::header exists "X-Forwarded-For"]}{
    snat [HTTP::header "X-Forwarded-For"]
}
else {
    return
}

but it didn't work, i still see clients reaching to my Bo site with addresses that belongs to other client. (example client from China got an address that belong to Client from US) when client generated a report he saw that someone logged in from US and made a deposit. i was needed to Calm him down and explain him that its not a fraud 🙂

maybe the irule is not correct.