For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Waylon's avatar
Waylon
Icon for Nimbostratus rankNimbostratus
Feb 05, 2016

X-Forwarded-for with SSL Passthrough (no offloading on LTM)

Hi,   Is there a way to get X-forwarded-for working with SSL passthrough (NO offloading)?   I have some system owners who refuse to have any form of "man in the middle" sessions and require the...
application delivery
iRules
LTM
ssl passthrough
Suresh_Gurugubi's avatar
Suresh_Gurugubi
Icon for Nimbostratus rankNimbostratus
Apr 12, 2018

Hello guys, Need some help.

 

It was confirmed we cannot use X-Forward-For for SSL pass-through VIPs, but If I add it, what will happen. is the VIP still works?? I mean if the traffic is not offloading on BIGIP, can it ignore optional XFF http profiles and continue to work as it works earlier??

 

By mistakenly today I have added XFF to one of our old VIP, which cause huge outage. Our backend (apache) was recieving invalid HTTP requests / invalid SSL handshakes and stalling as a result.

 

I'm little confused here as BIGIP cannot add/modify http headers, how can the backend servers get invalid SSL handshakes. anyone have any idea!!