For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Comex_17260's avatar
Comex_17260
Icon for Nimbostratus rankNimbostratus
Dec 15, 2011

Preserve client ip (Stealth LB)

Hello Everybody, I made a search through discussions to see if this subject is covered, and apparently it is not. I have several applications running on my servers behind my Big-IP 10.2.x LB,...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 15, 2011
Hi Comex,

 

 

Is this for IIS only? If so, here's a possible solution:

 

 

 

http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/aff/31/afv/topic/aft/1178815/afc/1227279/Default.aspx

 

Posted By rjordan on 05/06/2011 12:53 PM

 

Regarding something simple to attempt, try installing ARR Helper for IIS (http://blogs.iis.net/anilr/archive/2009/03/03/client-ip-not-logged-on-content-server-when-using-arr.aspx). This will rewrite the REMOTE_ADDR value with the X-Forwarded-For value. We've used this when we have to deal with some closed source applications that can't be updated to look at X-Forwarded-For. I don't think it rewrites the source IP in the web logs, though.

 

 

 

Another option would be to modify the servers to set the default gateway to an LTM self IP and then disable SNAT.

 

 

Aaron

 

Aaron