Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

  Description If you have a Proxy in front of the BIG-IP and all the client IP are source Natted, You can still restrict access to the Virtual if the client IP address is inserted by the pr...
Published Mar 14, 2023
Version 1.0
security
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Mar 15, 2023

What about if the X-Forwarder-For has multiple IP addresses as there were several proxy devices that added an IP address to the header with "," for example "1.1.1.1, 2.2.2.2"? How can you match on the first IP address in the XFF header?