dlogsdonmd
Oct 05, 2016

x-Forward-For HTTP client IP

Hello, I'm not sure how to configure my VIP to forward the client IP to the hosting servers given our VIP doesn't actually have a pool assigned, but uses an iRule instead.

We have two VIP objects (HTTP/S) with no pool assigned to either. The HTTP VIP we're using to intercept and redirect traffic to HTTPS (via an iRule). On the HTTPS object we are using an iRule to route client traffic to 7 different pools. I tried enabling the x-forward-for option on the HTTP profile on the HTTPS VIP, but that didn't work. I added an iRule to the HTTPS VIP to handle the x-forward, that didn't do it either. The iRule is included below. Oh, the HTTPS object has both client and server side SSL configured.

Any suggestions? Note: I'm an F5 scripting novice.

Thanks in advance!

iRule on VIP to direct traffic to pools:

when HTTP_REQUEST {
    # Route on the Host header; redirect to the maintenance page when the
    # matching pool has no active members.
    if { [string tolower [HTTP::host]] contains "cpacd." } {
        if { [active_members ACD_CPACD_Pool] > 0 } {
            pool ACD_CPACD_Pool
        } else {
            HTTP::redirect "http://maintenance.acc.org"
            event disable all
        }
    } elseif { [string tolower [HTTP::host]] contains "hfacd" } {
        if { [active_members ACD_HFACD_Pool] > 0 } {
            pool ACD_HFACD_Pool
        } else {
            HTTP::redirect "http://maintenance.acc.org"
            event disable all
        }
    } elseif { [string tolower [HTTP::host]] contains "afacd" } {
        if { [active_members ACD_AFACD_Pool] > 0 } {
            pool ACD_AFACD_Pool
        } else {
            HTTP::redirect "http://maintenance.acc.org"
            event disable all
        }
    } elseif { [string tolower [HTTP::host]] contains "fsedacd" } {
        if { [active_members ACD_FSEDACD_Pool] > 0 } {
            pool ACD_FSEDACD_Pool
        } else {
            HTTP::redirect "http://maintenance.acc.org"
            event disable all
        }
    } elseif { [string tolower [HTTP::host]] contains "acdanalytics" } {
        if { [active_members ACD_ACDANALYTICS_Pool] > 0 } {
            pool ACD_ACDANALYTICS_Pool
        } else {
            HTTP::redirect "http://maintenance.acc.org"
            event disable all
        }
    } elseif { [string tolower [HTTP::host]] contains "cpdmt" } {
        if { [active_members ACD_CPDMT_Pool] > 0 } {
            pool ACD_CPDMT_Pool
        } else {
            HTTP::redirect "http://maintenance.acc.org"
            event disable all
        }
    } elseif { [string tolower [HTTP::host]] contains "hfdmt" } {
        if { [active_members ACD_HFDMT_Pool] > 0 } {
            pool ACD_HFDMT_Pool
        } else {
            HTTP::redirect "http://maintenance.acc.org"
            event disable all
        }
    } else {
        HTTP::respond 404 content "Unrecognized request to [HTTP::uri]" "Content-Type" "text/html"
    }
}

iRule configured on VIP to run after the above iRule to forward client IP (didn't work).

when HTTP_REQUEST {
HTTP::header insert X-Forwarded-For [IP::remote_addr]
}

1 Reply

  • XFF should work from the assigned HTTP profile; however, if it is not working or you just want to do it via an iRule, simply add the line from your second iRule

    HTTP::header insert X-Forwarded-For [IP::remote_addr]

    as the first line of your first script, i.e. insert the XFF header first, before selecting the pool; see below.

    when HTTP_REQUEST {
        # Insert the client address first, then select the pool.
        HTTP::header insert X-Forwarded-For [IP::remote_addr]

        if { [string tolower [HTTP::host]] contains "cpacd." } {
            if { [active_members ACD_CPACD_Pool] > 0 } {
                pool ACD_CPACD_Pool
            } else {
                HTTP::redirect "http://maintenance.acc.org"
                event disable all
            }
        } elseif { [string tolower [HTTP::host]] contains "hfacd" } {
            if { [active_members ACD_HFACD_Pool] > 0 } {
                pool ACD_HFACD_Pool
            } else {
                HTTP::redirect "http://maintenance.acc.org"
                event disable all
            }
        } elseif { [string tolower [HTTP::host]] contains "afacd" } {
            if { [active_members ACD_AFACD_Pool] > 0 } {
                pool ACD_AFACD_Pool
            } else {
                HTTP::redirect "http://maintenance.acc.org"
                event disable all
            }
        } elseif { [string tolower [HTTP::host]] contains "fsedacd" } {
            if { [active_members ACD_FSEDACD_Pool] > 0 } {
                pool ACD_FSEDACD_Pool
            } else {
                HTTP::redirect "http://maintenance.acc.org"
                event disable all
            }
        } elseif { [string tolower [HTTP::host]] contains "acdanalytics" } {
            if { [active_members ACD_ACDANALYTICS_Pool] > 0 } {
                pool ACD_ACDANALYTICS_Pool
            } else {
                HTTP::redirect "http://maintenance.acc.org"
                event disable all
            }
        } elseif { [string tolower [HTTP::host]] contains "cpdmt" } {
            if { [active_members ACD_CPDMT_Pool] > 0 } {
                pool ACD_CPDMT_Pool
            } else {
                HTTP::redirect "http://maintenance.acc.org"
                event disable all
            }
        } elseif { [string tolower [HTTP::host]] contains "hfdmt" } {
            if { [active_members ACD_HFDMT_Pool] > 0 } {
                pool ACD_HFDMT_Pool
            } else {
                HTTP::redirect "http://maintenance.acc.org"
                event disable all
            }
        } else {
            HTTP::respond 404 content "Unrecognized request to [HTTP::uri]" "Content-Type" "text/html"
        }
    }
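
Added example, not part of the reply above and not F5's own code: `HTTP::header insert` adds a new header and leaves any X-Forwarded-For the client already sent in place, so this variant removes the inbound header before writing the BIG-IP's value, then routes with the pool names from the thread. The list-driven routing, the names `routes`, `needle` and `pool_name`, and the plain-text 404 body that no longer echoes the request URI are assumptions of this example.

```tcl
when HTTP_REQUEST {
    # Discard whatever X-Forwarded-For the client supplied, so the pool
    # members only ever see the single value written by the BIG-IP.
    # "remove" deletes every instance of the header, not just the first.
    if { [HTTP::header exists "X-Forwarded-For"] } {
        HTTP::header remove "X-Forwarded-For"
    }
    HTTP::header insert "X-Forwarded-For" [IP::client_addr]

    # Host substring -> pool, checked in the same order as the thread's rule.
    # (Layout of this list is an assumption; the names come from the thread.)
    set routes {
        "cpacd."        ACD_CPACD_Pool
        "hfacd"         ACD_HFACD_Pool
        "afacd"         ACD_AFACD_Pool
        "fsedacd"       ACD_FSEDACD_Pool
        "acdanalytics"  ACD_ACDANALYTICS_Pool
        "cpdmt"         ACD_CPDMT_Pool
        "hfdmt"         ACD_HFDMT_Pool
    }

    set host [string tolower [HTTP::host]]
    foreach {needle pool_name} $routes {
        if { $host contains $needle } {
            if { [active_members $pool_name] > 0 } {
                pool $pool_name
            } else {
                # No healthy member: send the client to the maintenance page.
                HTTP::redirect "http://maintenance.acc.org"
                event disable all
            }
            return
        }
    }

    # Unknown host. The body is static plain text, so nothing taken from
    # the request is reflected back into the response.
    HTTP::respond 404 content "Unrecognized request" "Content-Type" "text/plain"
}
```

With the header handled inside the routing rule, the separate second iRule from the question is no longer needed on the HTTPS VIP.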