For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

fgomez_219402's avatar
fgomez_219402
Icon for Nimbostratus rankNimbostratus
Aug 09, 2016

x-forwarded-for on Protocol profile for HTTPS

Hi,   I recently came across an issue with a VS. SSL offloading had to be removed from the device, termination is now handled server-side. Since I was using an HTTP profile for my HTTP and HTTPS V...
application delivery
BIG-IP
devops
Vijay_E's avatar
Vijay_E
Icon for Cirrus rankCirrus
Aug 09, 2016

The VS needs the client ssl profile in order to decrypt the packet. Decryption is essential in order to insert the XFF header. If it is essential that the server process SSL traffic and XFF header insertion is required, then you can utilize client-side & server-side SSL on the VS. This will enable the F5 to decrypt the packet, insert XFF header, encrypt the packet again and send it to server which can then process the packet as SSL traffic.