For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

PhilippeG's avatar
PhilippeG
Icon for Nimbostratus rankNimbostratus
Apr 15, 2019

SSL Forward proxy and X-Forwarded-for

Hello all I followed the different articles to create a forward proxy and it works well for HTTP and HTTPS I need now to add the X-forwarded-for field in queries to send IP client information to the next device I modified for this the explicit proxy HTTP profile (of my VS proxy 8080) and it works for the HTTP traffic I modified my http profile for VS HTTPS 0.0.0.0/0:443 and it works except that instead of having the IP address of the client, I have F5 SNAT IP When I look at the IP :: client_addr or IP :: remote_addr variables, I see the SNATs of the F5 and not the IP address of my client. How to recover it? Thanks for your help

 

application delivery
LTM

1 Reply

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Apr 15, 2019

    you can write an irule like :

    when HTTP_REQUEST {
    if {[HTTP::method] equals "CONNECT } {
        snat none
    }
}

    then enable SNAT in VS HTTPS 0.0.0.0/0:443