For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dlogsdonmd's avatar
dlogsdonmd
Icon for Nimbostratus rankNimbostratus
Oct 05, 2016

x-Forward-For HTTP client IP

Hello, I'm not sure how to configure my VIP to forward the client IP to the hosting servers given our VIP doesn't actually have a pool assigned, but uses an iRule instead. We have a two VIP obje...
application delivery
BIG-IP
LTM
Andy_McGrath's avatar
Andy_McGrath
Icon for Cumulonimbus rankCumulonimbus
Oct 05, 2016

XFF should work from the assigned HTTP profile however, if not working or just want to do it via an iRule simple add the line of your second iRule

HTTP::header insert X-Forwarded-For [IP::remote_addr]

As the first line of your first script, i.e. Insert XFF header first before selecting the pool, see below.

when HTTP_REQUEST {

HTTP::header insert X-Forwarded-For [IP::remote_addr]

 if { [string tolower [HTTP::host]] contains "cpacd." } { 
   if {[active_members ACD_CPACD_Pool] > 0} { 
      pool ACD_CPACD_Pool
   } else { 
      HTTP::redirect "http://maintenance.acc.org" 
      event disable all 
   } 
 }
 elseif { [string tolower [HTTP::host]] contains "hfacd" } { 
   if {[active_members ACD_HFACD_Pool] > 0} { 
      pool ACD_HFACD_Pool
   } else { 
      HTTP::redirect "http://maintenance.acc.org" 
      event disable all 
   } 
 }
 elseif { [string tolower [HTTP::host]] contains "afacd" } { 
   if {[active_members ACD_AFACD_Pool] > 0} { 
      pool ACD_AFACD_Pool
   } else { 
      HTTP::redirect "http://maintenance.acc.org" 
      event disable all 
   } 
 }
 elseif { [string tolower [HTTP::host]] contains "fsedacd" } { 
   if {[active_members ACD_FSEDACD_Pool] > 0} { 
      pool ACD_FSEDACD_Pool
   } else { 
      HTTP::redirect "http://maintenance.acc.org" 
      event disable all 
   } 
 }
 elseif { [string tolower [HTTP::host]] contains "acdanalytics" } { 
   if {[active_members ACD_ACDANALYTICS_Pool] > 0} { 
      pool ACD_ACDANALYTICS_Pool
   } else { 
      HTTP::redirect "http://maintenance.acc.org" 
      event disable all 
   } 
 }
 elseif { [string tolower [HTTP::host]] contains "cpdmt" } { 
   if {[active_members ACD_CPDMT_Pool] > 0} { 
      pool ACD_CPDMT_Pool
   } else { 
      HTTP::redirect "http://maintenance.acc.org" 
      event disable all 
   } 
 }
 elseif { [string tolower [HTTP::host]] contains "hfdmt" } { 
   if {[active_members ACD_HFDMT_Pool] > 0} { 
      pool ACD_HFDMT_Pool
   } else { 
      HTTP::redirect "http://maintenance.acc.org" 
      event disable all 
   } 
 }
else {
      HTTP::respond 404 content "Unrecognized request to [HTTP::uri]" "Content-Type" "text/html" 
    }
}