Request come on WAF with single source IP

Question

Hi We have F5 WAF in our environment where one of application is hosted. It is internet application where all users accessing application over internet. When user access application over internet request coming to firewall first and from firewall public ip is natted with private IP which is VIP of F5 WAF. As there is SNAT done on firewall at F5 WAF we are getting only source IP as firewall IP. As we are getting all request from single source IP on WAF we want to just know from WAF architecture point of view does it is proper architecture ? Does it required that actual client IP required to come on WAF?

chris_grant · Answer

You can set the ASM to trust x-forwarded-for (or a customer header of your choosing) and read the client's IP from that. You will need to configure your firewall to insert the proper header, however.

Forum Discussion

Request come on WAF with single source IP

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

Introducing the single Installation script for F5 NGINX Instance Manager

Single Node Persistence

Brute Force protection for single parameter like OTP

Logging DNS Requests

The Power of Source Address

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS