x-forwarded-for on Protocol profile for HTTPS

Question

Hi,&nbsp;
I recently came across an issue with a VS. SSL offloading had to be removed from the device, termination is now handled server-side. Since I was using an HTTP profile for my HTTP and HTTPS VSs, I had a profile that enabled XFF insertion, and it was working fine. Due to the fact that SSL termination needs to be done server-side from now on, I changed my VSs profile to Performance (HTTP). A custom Protocol profile that enables XFF insertion is working fine for my HTTP VS, but it won't work on my HTTPS VS. Am I missing something? or is this conceptually wrong?&nbsp;
Thanks in advance.&nbsp;

vijay_e · Answer

The VS needs the client ssl profile in order to decrypt the packet. Decryption is essential in order to insert the XFF header. If it is essential that the server process SSL traffic and XFF header insertion is required, then you can utilize client-side & server-side SSL on the VS. This will enable the F5 to decrypt the packet, insert XFF header, encrypt the packet again and send it to server which can then process the packet as SSL traffic.

Forum Discussion

x-forwarded-for on Protocol profile for HTTPS

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Extracting X-Forwarded-For in Node.js

X-Forwarded-For Log Filter for Windows Servers

X Forwarded For Single Header Insert

F5 MCP(Model Context Protocol) Server

TCP Option 28 X-Forwarded-For Header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS