Forum Discussion
mhd90_359601
Nimbostratus
NimbostratusValues in X-Forwarded-For when SNAT is enable
Hi
I have a case where user has pointed out that the X-Forwarded-For has F5 self ip. F5 has automap enabled. Is this expected behaviour? The VS has tcp profile, so nothing being done by F5 to the htt...
DaveS_377638
Cirrus
CirrusI suggest you look at the server that is the node for the VS that is setting this header. Since the LTM is set for SNAT/automap, the self IP address will be the client address seen by that server.
mhd90_359601i do have the header capture from the server, and it shows Header [x-forwarded-for]: x.x.x.x x.x.x.x is the f5 self ip
My question is, is this expected behavior? My understanding was, if i dont change or insert anything in the header through F5, the XFF value should not reflect the f5 ip...
DaveSXFF is used to indicate the originating IP address. The configuration details you've given for the LTM means it's not including the header so it must be the back end server that is doing it, confirmed by the address being the LTM self address.
Is this expected behaviour - it will be if server is configured for XFF insertion.
- DaveS_377638
XFF is used to indicate the originating IP address. The configuration details you've given for the LTM means it's not including the header so it must be the back end server that is doing it, confirmed by the address being the LTM self address.
Is this expected behaviour - it will be if server is configured for XFF insertion.
boneyardMVP
when you say "i do have the header capture from the server"
does that mean an actual network packet capture before the server HTTP server software touched it?
i agree with you that it doesn't make sense for the F5 BIG-IP to do this if there is no HTTP profile involved.
but there still can be something else between the F5 BIG-IP and the HTTP server.
and there is the slight chance someone is being playful and inserting it at the client side.