Xfarworder profile

Question

Hi, &nbsp;
&nbsp;I have my backend web servers (https) pool associated to the VS listening on port 443. THe scenario is Vs, pool are from the same subnet. I have IIS server configured to log the client IP who accessed the VS.&nbsp;
&nbsp;The issue is when i look at the logs i see that the client address is same for all the connectiions. The reason being is i have SNAT applied on the VS.&nbsp;
&nbsp;The default gateway of the Backend servers is pointing to a router.If i remove the SNAT in order to let the IIS log teh client IP's, the users will fail to access the servers through Vs , as the reverse traffic take a different path. For some reason i cant change the default gateway of the servers.&nbsp;
&nbsp;Does applying enabling a Xfarworder on an http profile will sort out the issue?&nbsp;
&nbsp;i do heard that we cannot apply an x farwarder for https....&nbsp;
&nbsp;How will the traffic flow even the clients are from the same subnet?&nbsp;
&nbsp;I would be really thankfull if i get some solution....&nbsp;
&nbsp;Thanks,
&nbsp;Sheshank Reddy

hooleylist · Answer

For logging, you can install a DLL which logs the XFF header value.  If you have an application which is reading the client IP from the IP header, you can use an ARR helper.  Either option requires that LTM parse the HTTP headers.  This requires a client SSL profile for HTTPS. 
&nbsp;  
&nbsp; See this post for details on both: 
&nbsp; https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/52/aft/1178815/showtab/groupforums/Default.aspx 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Xfarworder profile

Recent Discussions

ports are showing open on online scanning tool

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

Related Content

Update your DevCentral user profile

SSL Profiles

DoS Profiles

Server Profile SNI

Client SSL Profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS