Prevent a Spoof of an X-Forwarded-For Request with BIG-IP
Last week, we looked at how to do Selective Compression on BIG-IP with a local traffic policy, so this week let’s try something security-related using the same procedures. You can associate a BIG-I...
Published Oct 24, 2017
Version 1.0
PSilva
Ret. Employee
Joined May 16, 2019
Kai_Wilke (MVP)
Nov 24, 2017
Hi Peter,
A header replace action will replace just the first header instance (if it exists) but leave additional instances (if they exist too) untouched. The server may, on the other hand, evaluate not the first but the last header and/or combine all header instances at once...
To securely sanitize incoming X-Forwarded-For headers, you have to remove (this will remove every single instance) and then insert the given header.
Cheers, Kai
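
The difference described in the comment above, as an added Python sketch that is not part of the original article or comment and is not BIG-IP code: it models an ordered header list and compares a replace-first action with remove-then-insert, as seen by three hypothetical backend parsing behaviours. The function names, the request and the addresses are constructed for illustration.

```python
# Added illustration: a proxy's header list modelled as ordered (name, value) pairs.
# All hosts and addresses are constructed, documentation-range samples.

def replace_first(headers, name, value):
    """Replace only the first instance of `name`; later instances survive."""
    out, done = [], False
    for k, v in headers:
        if not done and k.lower() == name.lower():
            out.append((k, value))
            done = True
        else:
            out.append((k, v))
    return out

def remove_then_insert(headers, name, value):
    """Drop every instance of `name`, then add a single trusted instance."""
    out = [(k, v) for k, v in headers if k.lower() != name.lower()]
    out.append((name, value))
    return out

def backend_views(headers, name="X-Forwarded-For"):
    """What three hypothetical backends would read from the same request."""
    vals = [v for k, v in headers if k.lower() == name.lower()]
    return {"first": vals[0], "last": vals[-1], "combined": ", ".join(vals)}

CLIENT_ADDR = "203.0.113.7"   # peer address seen by the proxy (constructed)
SPOOFED = "198.51.100.99"     # value supplied by the client (constructed)

# Constructed request carrying two client-supplied X-Forwarded-For instances.
REQUEST = [
    ("Host", "app.example"),
    ("X-Forwarded-For", SPOOFED),
    ("User-Agent", "demo"),
    ("x-forwarded-for", SPOOFED),
]

def compare():
    """Apply both sanitizing strategies and report each backend's view."""
    name = "X-Forwarded-For"
    return {
        "replace": backend_views(replace_first(REQUEST, name, CLIENT_ADDR)),
        "remove_insert": backend_views(remove_then_insert(REQUEST, name, CLIENT_ADDR)),
    }

if __name__ == "__main__":
    for action, views in compare().items():
        print(action, views)
```

With replace-first, only a backend that reads the first instance sees the proxy-supplied address; with remove-then-insert, all three readings agree.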