Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Huw_Jenkins_425's avatar
Huw_Jenkins_425
Icon for Nimbostratus rankNimbostratus
Dec 01, 2006

Preserve Client IP in HTTP Header when using SNAT

Hi     i am trying to configure an iRule to preserve the client ip address when connecting to a VS. i have configured the following iRule, and added to the VS, but when i view the IIS logs on t...
application delivery
dev
devops
irules
Chad_Roberts_21's avatar
Chad_Roberts_21
Icon for Nimbostratus rankNimbostratus
Dec 01, 2006
I think the only thing wrong with your iRule is that you're using [IP::remote_addr] instead of [IP::client_addr]. Be definition, you're using the end IP, not the start.

However, if you're trying to add this header to ALL traffic on that virtual server without putting in any additional logic, you'd be better off simply adding the header in the HTTP profile. There is a "Header Insert" option there where you could place it instead. Instead of the syntax you used above, I believe it would be

ORIG_CLIENT_IP:[IP::client_addr]

(Edit - I mistyped the one above the first time. Oops...)

Also, note the option in there called "Insert XForwarded For." This does the exact same thing you're trying to do, except the name of the header is "X-Forwarded-For" instead of "ORIG_CLIENT_IP".