Prevent a Spoof of an X-Forwarded-For Request with BIG-IP

Last week, we looked at how to do Selective Compression on BIG-IP with a local traffic policy so this week let’s try something security related using the same procedures. You can associate a BIG-I...
Published Oct 24, 2017
Version 1.0
BIG-IP
http
security
spoof
x-forwarded-for
PSilva's avatar
Ret. Employee
Technical writer, evangelist, speaker, video host, story teller and overall clever guy. Bringing the slightly theatrical and fairly technical together, I train, write, speak, along with overall evangelism. Highly technical information security professional with social media skills who has also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
View Profile
PSilva's avatar
Ret. Employee
Technical writer, evangelist, speaker, video host, story teller and overall clever guy. Bringing the slightly theatrical and fairly technical together, I train, write, speak, along with overall evangelism. Highly technical information security professional with social media skills who has also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
View Profile
amintej's avatar
amintej
Icon for Cirrus rankCirrus
Oct 25, 2017

Interesting security tip,but before applying I think it is important to consider whether the backend apps are using X-Forwarder-For header, in case yes, apps might need reconfiguration to the new value tcl:[IP::client_addr].