Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Robert_Luechte2's avatar
Robert_Luechte2
Icon for Cirrus rankCirrus
Aug 26, 2019

Setting serverside IP address to value received in x-forwarded-for header

I have an interesting situation involving SNAT, and haven't been able to find any existing answers.   There is a website that goes to a third party location first. After their processing, the ...
application delivery
irules
LTM
Lee_Sutcliffe's avatar
Lee_Sutcliffe
Icon for Nacreous rankNacreous
Aug 27, 2019

I am providing this iRule as an example - however I'm not 100% if it work.

Firstly, you need to be confident that return traffic will be directed to the F5 as the only option to change the client IP address is to SNAT the source IP. i.e. your back end servers need to have F5 as the default gateway.

F5 should un-NAT the address for return flows but I've never done this with an IP address that isn't in the same range as a self IP on the device. 

when HTTP_REQUEST {
    if {[HTTP::header exists "X-Forwarded-For"]} {
        snat [HTTP::header value "X-Forwarded-For"]
    }
}