x-forwarded-for http to https ssl client ip

Question

we have a website say a.com that requires ssl with 2 nodes. we have an irule 
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp;   if { [HTTP::host] contains "a.com"} { 
&nbsp;     HTTP::redirect "https://[HTTP::host][HTTP::uri]" 
&nbsp;  } 
&nbsp; } 
&nbsp;  
&nbsp; all of the client ips are showing up in the iis logs as  
&nbsp;  
&nbsp; 2009-12-11 19:32:28 W3SVC446867077 172.16.3.240 GET /default.aspx - 443 - 172.16.3.10 - 302 0 0 
&nbsp; or 
&nbsp; 2009-12-11 19:32:28 W3SVC446867077 172.16.3.241 GET /default.aspx - 443 - 172.16.3.10 - 302 0 0 
&nbsp; on each of the nodes 
&nbsp;  
&nbsp; we have tried adding the xforward HTTP::header insert "X-Forwarded-For" [IP::client_addr] like it says here http://devcentral.f5.com/weblogs/macvittie/archive/2008/06/02/3323.aspx and added the isapi filter like it says here for iis http://devcentral.f5.com/weblogs/joe/archive/2005/09/23/1492.aspx 
&nbsp;  
&nbsp; we have tried changing it in the http profile but that doesnt seem to do anything either. any help is much appriciated. 
&nbsp; Thanks

james_quinby_46 · Answer

What is 172.16.3.10? Is that the address of your LTM? The X-Forwarded-For header is normally inserted to provide the client source IP when the LTM is SNAT'ing, that is, deployed in "one-armed" mode. Is that how your virtual server is configured now?

Forum Discussion

x-forwarded-for http to https ssl client ip

Recent Discussions

AS3 Limitations

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Extracting X-Forwarded-For in Node.js

TCP Option 28 X-Forwarded-For Header

X-Forwarded-For Log Filter for Windows Servers

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS