Forum Discussion

Peter_McCaldon's avatar
Peter_McCaldon
Icon for Nimbostratus rankNimbostratus
Dec 14, 2020

SNAT / X-FORWARD-FOR breaks HTTPS connection

We are trying to create an iAPP with SSL passthrough and X-FORWARDED set but when we enable SNAT for the X-FORWARDED-FOR (HTTP profile or iRule X-FORWARDED-FOR) the connection seems to stop passing t...
application delivery
BIG-IP
iApps
iis
x-forwarded-for
  • jaikumar_f5's avatar
    jaikumar_f5
    Dec 14, 2020

    SSL Passthrough is FastL4 setup.

    SSL Offload or SSL Offload and Re-Encrypt or in other terms, SSL Bridging are Standard VS setups.

     

    SSL Passthrough cannot alter http data. You cannot perform XFF with fastl4 setup.

    I would request you to follow this article to understand more about HTTP traffic.

Peter_McCaldon's avatar
Peter_McCaldon
Icon for Nimbostratus rankNimbostratus
Dec 14, 2020

Of course! So we have now corrected the setup to be SSL bridging and the site loads, however the X-FORWARDED-FOR still doesnt seem to work. We have run a trace with wireshark and enabled custom logging in IIS but we cannot see the X_FORWARDED-FOR header info.

 

We have checked our setup against https://support.f5.com/csp/article/K4816.

 

Any thoughts?

 

EDIT: I had missed enabling Custon Logging in IIS. this works as expected now