Forum Discussion
Using an irule/other method to preserve source ip
Hi kbk491 ,
Just changing SNAT settings to none is not going to work here. In order to work this, you should have backend server default gateway pointed to the F5. Then only it will work or else it will create asymmetric routing issue and url won't work. It seems you are having the same issue.
To achieve your requirement,
1. You can enable XFF settings to preserve the true client IP when SNAT is enabled. Below article will help you on it.
https://support.f5.com/csp/article/K4816
2. If you want to try with disabling SNAT settings, then make sure backend app server default gateway is pointed to F5. But it will cause your internet traffic also sending to F5 first. So you need to take that into consideration.
Hope it helps!
- kbk491Aug 12, 2022Altostratus
So for option 1 in the article there is this part:
Configuring the web server to extract the IP address from the HTTP header
We have an oracle website hosted on cisco ucs blade chassis, so which of the above would be applicable?
- Mayur_SutareAug 13, 2022MVP
Hi kbk491
If you have a way to verify HTTP headers coming to your backend server from F5, then you should be able to see that true client ip in the HTTP Header when XFF is enabled on the F5 vServer.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com