Using X-Forward-For to forward origin ip and username
Hello All,

Hoping the F5 (fam) community can help me out on this. We have user accounts getting compromised through our password manager and we'd like to use our SIEM to notify us of these events. Can someone please help me with this iRule so that it will pass on the origin IP address and the username?

when HTTP_REQUEST {
    HTTP::header insert X-Forwarded-For [IP::remote_addr]
}
Trying to figure out what I need to add for username and where it needs to go.
Many Thanks!!! Ron
- P_K
Altostratus
What type of authentication are you using? Does the user type the credentials, or is it clientless mode?
- Stanislas_Piro2
Cumulonimbus
Hi,
X-Forwarded-For is a header for inserting only an IP address (there is no standard for this header, so you can put whatever you want in the header, but ...), so I added a new header.
Do you use APM?
If yes, you can forward the username with the iRule:

when HTTP_REQUEST {
    HTTP::header insert X-Forwarded-For [IP::remote_addr]
    HTTP::header insert Username [ACCESS::session data get session.logon.last.username]
}

You can also do it with a per-request policy instead of an iRule.
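
A variant of the iRule above, added here as an example and not part of any poster's reply: `HTTP::header insert` adds a header without touching copies the client already sent, so this version removes client-supplied `X-Forwarded-For` and `Username` headers before setting them. It assumes APM is in use and that the BIG-IP is the first proxy in the path (no upstream X-Forwarded-For value to preserve); the username is set in `ACCESS_ACL_ALLOWED` so it is read only after the access policy has allowed the request.

```tcl
when HTTP_REQUEST {
    # HTTP::header insert only adds a header; a copy sent by the client
    # would still reach the backend and its logs. Remove those copies first.
    HTTP::header remove X-Forwarded-For
    HTTP::header remove Username

    # Source address of the client connection as seen by the BIG-IP.
    HTTP::header insert X-Forwarded-For [IP::remote_addr]
}

when ACCESS_ACL_ALLOWED {
    # Raised once APM has allowed the request, so the session variable
    # holds the name the user logged on with.
    set user [ACCESS::session data get session.logon.last.username]
    if { $user ne "" } {
        HTTP::header insert Username $user
    }
}
```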
- RonMexico_79057
Nimbostratus
LDAP Authentication to an IIS web front end.