Forum Discussion

Nimbostratus

Jul 04, 2022

XFF for retaining client's Original IP

Hello Experts, I need your help to get the issue sorted on my end. I've been looking for a solution to retain client's Original IP address instead of SNAT IP address. Have gone through few articels ...

application delivery

Rodolfo_Nützmann

Cirrus

Jul 04, 2022

Hi,

Keep in mind that a.) XFF will only work for HTTP traffic, b.) the VS needs to have the HTTP profile assigned to it, c.) the application (or device) receiving the traffic must correctly interpret the XFF HTTP Header.

You can search the system's connection table to find associated client-side & server-side flows. This way you can i.e. see all server-side connections for a specific client IP address; or find out which real client IP addresses are connected to a particular node or pool member.

Please refer to the following for more info on working with the connection table:

K53851362: Displaying and deleting BIG-IP connection table entries from the command line

https://support.f5.com/csp/article/K53851362

K40033505: Explaining the output of tmsh show sys connection

https://support.f5.com/csp/article/K40033505

You can also use tcpdump to i.e. capture traffic on the server-side connection related to a client-side IP address:

K20233108: Running the tcpdump utility using the p interface modifier

https://support.f5.com/csp/article/K20233108

Hope this helps.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)