Forum Discussion

Nimbostratus

Feb 05, 2016

X-Forwarded-for with SSL Passthrough (no offloading on LTM)

Hi, Is there a way to get X-forwarded-for working with SSL passthrough (NO offloading)? I have some system owners who refuse to have any form of "man in the middle" sessions and require the...

Nimbostratus

Feb 05, 2016

All HTTP headers (incl. the optional X-Forwarded-For) are subject to encryption whenever SSL is enabled. You cannot read or modify the HTTP headers without offloading the SSL on the clientside.

If the issue is a lack of visibility of the real customer IP address, you may want consider a HSL logging solution, or consider changing your routing topology so that translating a customer IP is no longer required. There are no other options.

Regards,

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

X-Forwarded-for with SSL Passthrough (no offloading on LTM)

Recent Discussions

Problem with lets encrypt and redirect after update

where can find silverline ddos protect config guide?

iRule for client certificate verification and inserting CN

Earth Simnavaz

Should config via cli rather than gui?

Related Content

Extracting X-Forwarded-For in Node.js

TCP Option 28 X-Forwarded-For Header

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

X-Forwarded-For Log Filter for Windows Servers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS