For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gusf5_117081's avatar
gusf5_117081
Icon for Nimbostratus rankNimbostratus
Feb 14, 2014

X-forwarded-for solution IIS 7.5 Aplication Pool, CMS application

Hello,   We have a F5 Load Balance solution set up in passthrough mode. In the VS we have the HTTP profile enable with X-Forward-For and is logging the right information in the IIS Logs. We also h...
application delivery
deployment
devops
iRules
LTM
microsoft
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Feb 18, 2014

Presumably you've applied a SNAT, and using the XFF header as a way to get the client's true address to the web server. Short of disabling SNAT (and configuring the environment in such a way that SNAT isn't necessary), you must find some place to put this information that an application can read. A routed mode configuration would probably be the simplest, if that's one of the only ways your CMS app can see the address, but there are still other options - all highly dependent on what the CMS app is capable of:

 

  1. The TCP::options command set allows you to read/write information into option 28 of the TCP packet.

     

  2. You could potentially tack on query string values or embed the values in request or response content.

     

Can you elaborate on how the CMS app interacts?