Forum Discussion
cmvanwyk_16989
Oct 30, 2011Nimbostratus
source ip pass-through for sourced based ip authentication
I'm still getting warmed up to F5's so please bare with me :)
Have web servers which do source based ip authentication
Trying to have as little effort on the developer side as possible for now and future projects
Would an iRule be easiest ? if so, some guidance in code would be awesome :)
If another recommended way, then please let me know what you think
Many thanks in advance
Chris
- nitassEmployeeif routing is correct, bigip does not need to perform snat on server-side connection (between bigip and pool member). so, web server should be able to see real client ip address.
- Ferg_104721NimbostratusIf SNAT is enabled on the virtual server and then the pool member server will not see the original source ip address. As previous, if no snat and your are relaying on routing this should work find. If you are using SNAT you have two choices, routing and forwarding virtual servers or x-forwarded-for (or some other kind of header insertation) but your backend server will need to ahve the ability to capture x-forwarded-for or remove a custom header. happy for anyone else to tell me i am wrong in my thoughts.
- cmvanwyk_16989NimbostratusThanks for the feedback
- nitassEmployeeI had SNAT enabled...so I set to none now and created default gateway for route domain to the firewall interface on same vlan
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects