X-forward-for not logging in apache listening on port 443

Can you describe the SSL setup on the F5 and Apache servers please. Are you actually terminating the SSL on the F5?

You can also skip the iRule and just enable the X-Forwarded-For option in the HTTP profile applied to the VIP (assuming you're terminating and optionally re-encrypting the SSL).

Hi, i have checked my configurations.

In the HTTP profile i have enable X-forwarded-for for my Virtual Server.

I also have a Client_SSL profile and a server SSL profile. Therefore the SSL termination should be in place before F5 try to re-encrypt the ssl traffic.

I also tried to sniff the traffic at the backend (from F5 VSIP to my apache server). I can't seems to find the X-forwarded-For fields in the HTTP header when i try to decrypt using my apache server private key.

Or the Tcpdump that i perform was done incorrectly?

the dump syntax i use is: tcpdump -nnvvXSs 1514 -i dst -w /var/tmp/xxx.pcap

I am using wireshark with my apache private key defined in "preference -> SSL --> RSA Key list"

What am i missing?

Are you seeing the clear text HTTP traffic in Wireshark?

An iRule to insert an XFF and for crosscheck would look like this:

when HTTP_REQUEST {
    HTTP::header insert X-Forwarded-For [IP::client_addr]
}

when HTTP_REQUEST_SEND {
    if {[clientside {HTTP::header exists "X-Forwarded-For"}]} {
        foreach xffvalue [clientside {HTTP::header values "X-Forwarded-For"}] {
            log local0. "serverside XFF: $xffvalue"
        }
    }
}

Run 'tail -f /var/log/ltm' to verify the header insert in the LTM log facility.