Forum Discussion

Cirrus

Mar 23, 2017

X-Forwarded-For through proxy and F5

My organization recently got the ASM module when they purchased a pair of 5250Vs. I've never used ASM before and we don't have anyone in our organization that has either, so I'm learning on the fly. ...

Nimbostratus

Mar 27, 2017

You are right I believe the proxy needs to be decrypting to modify the http header, and insert the XFF. The client SHOULDN'T be inserting its own XFF, though it could it can do whatever it wants.

If I understand right, this is the simplified issue:

-some requests to the f5 already have XFF, as they are proxies -some requests to the f5 are from regular clients -f5 is using SNAT, so XFF needs to be inserted

I think if you create a list of proxy IPs that already insert XFF for you and 'regular' clients then the newer iRule I posted should lead you toward the fix.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

X-Forwarded-For through proxy and F5

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Extracting X-Forwarded-For in Node.js

TCP Option 28 X-Forwarded-For Header

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

X-Forwarded-For Log Filter for Windows Servers

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS