For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

satyr's avatar
satyr
Icon for Nimbostratus rankNimbostratus
Jul 20, 2021

The request contains two IP address: 1 of the client and 1 append for cloudflare

Hello   When my VS is invoked from Cloudflare, the header contains two ip addresses. I have identified that the first ip address of the header corresponds to the user that connects and the second...
application delivery
cloud
iRules
LTM
satyr's avatar
satyr
Icon for Nimbostratus rankNimbostratus
Jul 22, 2021

Hello Daniel

 

In this moment the traffic flow is: Cloudflare-->F5 Virtual Server--> Backend Servers

 

In the backend servers (httpd.conf archive), I have the following line to capture the remote ip address

 

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common

  SetEnvIf X-Forwarded-For "^.\..\..\.." forwarded

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Jul 22, 2021

Hallo Satyr,

 

you should add a log statement to the iRule or do a tcpdump in order to monitor whether the True-Client-IP Header contains two IP addresses or if the second IP is added by something else to the XFF header.

 

KR

Daniel