What does the BIG-IP LTM do when it can not insert an X-Forwarded-For

Question

Hi;&nbsp;I have an F5 virtual server listening on port 8080 and load balancing two forward explicit proxies. I want the F5 to add an XFF header as I am using SNAT auto map. &nbsp;The F5 is only load balancing and when the explicit proxy traffic is clear text http, I know the F5 adds the XFF without any issues. Also, when there is a request with a "Connect" http method, the F5 adds the XFF too.&nbsp;My question is what happens when the http datagram destined to port 8080 has a TLS payload, like a "client hello" for example. I know that the F5 in this case will not insert the XFF header. However, I am more interested in what the F5 will do to this datagram. Does it drop it, or pass it without the XFF.&nbsp;&nbsp;KindlyWasfi

niels_van_sluis · Accepted Answer

Hi Wasfi,&nbsp;When using LTM without the required licenses like SSLO or SWG to intercept SSL traffic via the Explict Forward Proxy, it will just pass the SSL traffic without changing the payload. &nbsp;Kind regards,&nbsp;     --Niels

Forum Discussion

What does the BIG-IP LTM do when it can not insert an X-Forwarded-For

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Integrate BIG-IP with AWS CloudWAN Service Insertion

Prevent a Spoof of an X-Forwarded-For Request with BIG-IP

Performance L4 VS - HTTPS [X-forwarded-for]

X-Forwarded-For HTTP Module For IIS7, Source Included!

Prepare BIG-IP Central Manager for Automation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS