X-FORWARDED-FOR and Session Persistence

Hi,

I've been trying to research and find some information, but having real problems with the devcentral site today - majority of the time pages just fail to load.

Hopefully I can explain the situation - and see if anyone can confirm whether my thinking is correct - or alternatively provide a better solution.

We have recently had a new security product put in place in front of our main web farm. Before this, all external traffic to our site was routed through to a Virtual Server IP on our F5. This also haad source_ip persistence enabled on it.

Since having our security product in place - external traffic is now initially routed to a Virtual Server IP on the F5 that then routes to the original Virtual Server IP hitting the web servers. What I am currently seeing, is that as we have source IP session persistence on - on the Virtual Server IP where the end web servers are sat, I presume as traffic is routing from VS ---> VS that the last Virtual Server is seeing the traffic as originating from the 1st Virtual Server IP ? Therefore - what we see is that traffic only hits one of the webservers rather than being balanced between all nodes in the pool.

What I am wondering, is whether we can put an iRule on the first VS - and capture an X-Forwarded-For IP address ( being the actual external IP of the client connecting ) - then have an iRule in place on the 2nd VS that has source IP session persistence, but based on the value in the X-Forwarded-For entry ? This should then at least load balance between the web farm ?

If anyone could give me any pointers, it would be greatly appreciated - not very familiar with irules at all.