Forum Discussion
Soda_Cup_148395
Nimbostratus
Hi,
Okay, I think that might be because that is from one of your proxies that already inserts XFF, correct? I hinted earlier that you might need to adjust the behavior per client(or proxy) IP. I might have some bad indentation here but this is something to the idea-
when HTTP_REQUEST {
if { [IP::addr [IP::client_addr] equals IP_PROXY_THAT_ALREADY_INSERT_XFF/CIDR] } {
we know this proxy already inserts XFF, so dont do anything but load balancer
pool [LB::server pool]
} else {
insert client IP to add visibility after f5 SNAT
set XFF [IP::remote_addr]
HTTP::header replace "X-Forwarded-For" $XFF
}
}
also if the proxies are sending multiple http requests per connection you may need to enable oneconnect to get your iRule to work correctly.
Let me know how your ssldump goes...
Scott123456789
Mar 28, 2017Cirrus
If the XFF for the true client was in place, wouldn't I see it in the header? I don't see when I look at traffic on the F5, so I don't think it is in place.