Forum Discussion
jondyke_46152
Nimbostratus
Dec 02, 2008
Passthrough iRule source IP
I am using the HTTPS passthrough irule on some of my sites. Is there any way to get the source IP address sent through to the IIS logs? On HTTP I have x-forwarded switched on (and have the ISAPI filter installed on the sites). But on HTTPS it never touches the HTTP profile so x-forwarding never happens.
Any suggestions or am I going to have to live with it?
3 Replies
- Colin_Walker_12
Historic F5 Account
Your HTTPS traffic should still make use of the HTTP profile, assuming you have SSL terminating on the BIG-IP. Unless I'm mistaken you should be able to use the x-forwarded header option just fine. Even if that's not working, you could use a simple iRule that does an HTTP::header insert to put in the info.
Again, all of this is assuming you're terminating SSL on the BIG-IP.
Colin
- jondyke_46152
Nimbostratus
Hi Colin
Thanks for the response, but I did mention I was using HTTPS passthrough, so SSL is not terminating on the F5 in the case of these sites. I need to do passthrough on these sites due to the use of client certificates.
Thanks,
Jon
- hoolio
Cirrostratus
Hi Jon,
The typical way to pass the original client IP would be in an HTTP header. If you aren't decrypting the SSL on LTM, you wouldn't be able to insert an HTTP header in the request sent to the pool member. There isn't another mechanism to pass this information in the request for HTTPS. So you'd either need to go without the original client IP in your existing scenario, change the routing so you don't need to SNAT the traffic or decrypt the traffic on LTM so you can insert the XFF header.
Aaron
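The constraint described in the reply above, as an added example that is not part of the original thread and is not F5 code: a Python sketch of what a proxy can do with the first bytes of a client connection. The function names, the sample request and the fake TLS bytes are constructed for illustration.

```python
from typing import Tuple

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")

# Constructed sample inputs (not captured traffic).
SAMPLE_HTTP = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
               b"X-Forwarded-For: 1.2.3.4\r\n\r\n")
# TLS record header: type 0x16 (handshake), version 3.x, length, then opaque bytes.
SAMPLE_TLS = b"\x16\x03\x01\x00\x05hello"


def is_tls_record(data: bytes) -> bool:
    """True if data starts like a TLS handshake record (type 0x16, major version 3)."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03


def add_client_ip(data: bytes, client_ip: str) -> Tuple[bytes, bool]:
    """Return (bytes to forward to the pool member, whether a header was inserted)."""
    if is_tls_record(data):
        # Passthrough: the HTTP request only exists inside the encrypted session
        # between client and server, so there is no header block to edit here.
        # The bytes must be forwarded unchanged.
        return data, False
    head, sep, body = data.partition(b"\r\n\r\n")
    if not sep or not head.startswith(HTTP_METHODS):
        return data, False  # not a complete plaintext HTTP request header
    lines = head.split(b"\r\n")
    # Choice made for this example: drop any client-supplied X-Forwarded-For so
    # the server logs only the address the proxy itself observed.
    kept = [lines[0]] + [l for l in lines[1:]
                         if not l.lower().startswith(b"x-forwarded-for:")]
    kept.append(b"X-Forwarded-For: " + client_ip.encode("ascii"))
    return b"\r\n".join(kept) + sep + body, True


if __name__ == "__main__":
    for name, sample in (("plaintext/decrypted", SAMPLE_HTTP), ("passthrough", SAMPLE_TLS)):
        out, inserted = add_client_ip(sample, "203.0.113.7")
        print(name, "-> header inserted:", inserted)
```

The plaintext branch corresponds to traffic that is HTTP or has been decrypted on the proxy; the TLS branch corresponds to the passthrough case in this thread.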