X-Forwarded-For iRule

The reason you would only see the BIG-IP's self IP or SNAT address as the source is if you have SNAT enabled on the VIP. Typically this is done in a network where the nodes aren't configured with the BIG-IP as their default gateway.

 

 

If you were able to either set the default gateway on the nodes to the BIG-IP or configure routing that guaranteed all responses to clients that made requests through the BIG-IP would be sent back through the BIG-IP you could disable the SNAT and preserve the original client IP address.

 

 

If changing the routing isn't an option then you would need to use a SNAT and insert the original client IP address in the XFF header.

 

 

Dev posted a DLL that you can install on IIS servers to parse the XFF header if it's present and log the value as the c-IP.

 

 

Note: "If no X-Forwarded-For header is passed in, then no filtering takes place and the passed in client ip will be used."

 

 

So I would expect this should work for you regardless of whether the client is going through the BIG-IP or not.

 

 

Aaron

 

 

http://devcentral.f5.com/Default.aspx?tabid=38

 

 

 

Author: Joe Pruitt

 

 

Date Uploaded: 9/20/2005 12:22:32 AM

 

 

File Description:

 

 

This IIS ISAPI filter will look for the X-Forwarded-For header in the HTTP request and, if it finds one, it will replace the c-ip (client ip) in the W3SVC log traces with the value of the X-Forwarded-For header.

 

 

This is useful when servers are sitting behind a VIP and have no view on the true client IP address. BIG-IP has the ability to add the client ip as the X-Forwarded-For header and when that is done, this filter will replace the internal address of the BIG-IP with the true client address (or at least what is presented on the client side of the connection to the BIG-IP). If no X-Forwarded-For header is passed in, then no filtering takes place and the passed in client ip will be used.

 

 

To install: Simply add this filter to your IIS Web Site in the IIS admin utility.