Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

f5gurunot's avatar
f5gurunot
Icon for Cirrus rankCirrus
Feb 02, 2023
Solved

TCP Option 28 X-Forwarded-For Header

Using Akamai for DDOS mitigation and the requests sent to us show Akamai IP instead of the Client IP.  I have enabled TCP Option 28 and trying to insert the Client IP into X-Forwarded-For header.  I ...
application delivery
  • xuwen's avatar
    xuwen
    Feb 03, 2023

    when CLIENT_DATA {
    set opt28 [TCP::option get 28]
    if { [string length $opt28] == 4 } {
    binary scan $opt28 H8 addr
    scan $addr "%2x%2x%2x%2x" ip1 ip2 ip3 ip4
    set optaddr "$ip1.$ip2.$ip3.$ip4"
    log local0. "optaddr is $optaddr"
    log local0. "ip addr parse result is [IP::addr parse -ipv4 $opt28]"
    }
    }

xuwen's avatar
xuwen
Icon for Cumulonimbus rankCumulonimbus
Feb 02, 2023

Have you bound the created  tcp_option profile in this VS?

create ltm profile tcp PROFILE_NAME tcp-options “{option <first|last>} {option <first|last>}”

Can you give the configuration of list ltm virtual xxx and list ltm profile tcp tcp_option_XX and the error log in /var/log/ltm