For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Paul_Roberts_16's avatar
Paul_Roberts_16
Icon for Nimbostratus rankNimbostratus
Jul 21, 2014

X-Forwarded-For and SNAT addresses

When debugging a minor issue for a client a couple of weeks ago, I wound up staring at a screenful of header dump that showed the X-Forwarded-For value which appears to be not the IP address of the r...
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 21, 2014

It's definitely safe to say that the XFF header should hold the client's true source. What happens if you log it?

when HTTP_REQUEST {
    log local0. "client IP is [IP::client_addr]"
    HTTP::header replace X-Forwarded-For [IP::client_addr]
}

Any chance that you're logging configuration is not correctly picking up the XFF header? Can you do a tcpdump server side capture to see exactly what is coming from the BIG-IP?