SNAT IP is messing up Auditing

Question

Greetings....&nbsp;&nbsp;
I am an F5 newbie.&nbsp;
We have a VIP set up using SNAT to access our Application servers.&nbsp;
The auditing tool we use to identify unique users does not work as it always registers the SNAT IP.&nbsp;
&nbsp;Is there a way to configure an iRule to have the packet include the original source IP address?&nbsp;&nbsp;&nbsp;
Thank you in advance for any help...!&nbsp;&nbsp;

johns · Answer

If it is HTTP or HTTPS app (and your offloading SSL on the BIG-IP), then you can use the HTTP profile to insert client IP and extract in on the server for logging it in usual location. 
&nbsp;  
&nbsp; With Apache, this is pretty trivial as illustrated in article at the following link: 
&nbsp; http://devcentral.f5.com/weblogs/macvittie/archive/2008/06/02/3323.aspx 
&nbsp; With IIS, it requires a bit more work to accomplish: 
&nbsp; http://devcentral.f5.com/weblogs/Joe/archive/2009/08/19/x_forwarded_for_log_filter_for_windows_servers.aspx

Forum Discussion

SNAT IP is messing up Auditing

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Auditing Security Policy Updates

Quantum Computer decrypt RSA, Bitcoin PQC, Solidity audit tool, Meaningless threat

Audit WAF changes

Logging/Audit Binary Execution?

Image installation status audited

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS