X-Forwarded-For and SNAT-clientside/serverside ssl profile

Question

i have A vip WITH A SNAT2VIP irule, a clientside ssl profile and a serverside ssl profile, and xff enabled on the http profile.&nbsp;
the issue im seeing is that the xff header contains both the client source ip address, and the SNAT address.  I am expecting to only see the client source address, but im wondering that since there is an ssl serverside profile, that is basically a proxy and is inserting the VIP into the header before it gets sent to the web server.  anyone know the definitive answer on what should be seen in the xff header in this situation?  thanks.&nbsp;

shaggy · Answer

is the web server also inserting XFF? I've seen instances before where the web server (apache specifically) inserts the client-IP as an xff value before it logs the connection.&nbsp;
ssl profiles have nothing to do with inserting the xff header - that's entirely at the HTTP level (profile, irule, etc)&nbsp;

Forum Discussion

X-Forwarded-For and SNAT-clientside/serverside ssl profile

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Any way to cache HEAD request

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

2026 is Almost Here

Related Content

Extracting X-Forwarded-For in Node.js

X-Forwarded-For Log Filter for Windows Servers

X Forwarded For Single Header Insert

TCP Option 28 X-Forwarded-For Header

IIS X-Forward-For ISAPI Filter

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS