XFF header without SSL offloading

Question

Hi,&nbsp;We're currently using SSL passthrough and not SSL offloading because one of our customer has it's reasons. The customer however, would like to see the X-Forwarded-For HTTP header so they can see client IP addresses. Is this possible without offloading? In my belief it's not possible due to the full-proxy nature of a F5 and since passthrough doesn't allow you to inspect the SSL packet.&nbsp;Are there options available that i'm currently unaware of? I would like to hear what I can do other than SSL offloading.&nbsp;Kind regards,&nbsp;Dave

evgeny · Answer

Hi,&nbsp;This is not possible without decrypting. &nbsp;Moreover having HTTP profile enabled on a passthru VS will cause the traffic to get dropped by LB.&nbsp;Thanks,

davethoonsen · Answer

Thanks for the confirmation Evgeny.

Forum Discussion

XFF header without SSL offloading

Recent Discussions

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Disable ssl or https for the embed url

Related Content

(HTTP) Redirection via Arbitrary Host Header

HTTPS offload rewriting

Log Http Headers

F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP headers

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS