Prevent a Spoof of an X-Forwarded-For Request with BIG-IP
Published Oct 24, 2017
Version 1.0Was this article helpful?
Hi Peter,
A header replace action will replace just the first header instance (if exist) but leave additional instances (if exist too) untouched. The server may on the other hand evalute not the first but the last header and/or combine all header instances at once...
To securely sanitize incomming X-Forwarded-For headers, you have to remove (this will remove every single instance) and then insert the given header.
Cheers, Kai