
Forum Discussion

Davethoonsen
Oct 25, 2019

XFF header without SSL offloading

Hi,

We're currently using SSL passthrough and not SSL offloading because one of our customers has its reasons. The customer, however, would like to see the X-Forwarded-For HTTP header so they can see client IP addresses. Is this possible without offloading? In my belief it's not possible due to the full-proxy nature of an F5 and since passthrough doesn't allow you to inspect the SSL packet.

Are there options available that I'm currently unaware of? I would like to hear what I can do other than SSL offloading.

Kind regards,

Dave

2 Replies

  • Hi,

    This is not possible without decrypting.

    Moreover, having an HTTP profile enabled on a passthru VS will cause the traffic to get dropped by the LB.

    Thanks,