03-Jun-2022 12:56
Good day everyone
We have websocket traffic which is load balanced by F5 and we would like to add X-Forwarded-For to it so we can have clients real IP in server.
As I read about it the websocket traffic starts by http connection and the continues with websocket.
I added HTTP profile (with XFF enabled) and all of our connections were dropping.
Can anybody help me on this?
Thanks
03-Jun-2022 13:09
Have you configured a websocket profile?
https://support.f5.com/csp/article/K14754
03-Jun-2022 13:19
No I haven't
Should I add http profile (with XFF enabled) and websocket profile to Virtual Server?
03-Jun-2022 13:25
That's correct but also, if the traffic is encrypted , you also need to have Client SSL profile and Server SSL profile for the proper SSL decrypt/re-encrypt. Otherwise, BIG-IP will see only encrypted traffic.
03-Jun-2022 22:12
Thanks Ismael
I will try it and get back to you.
Also should I apply the http profile in the client side or server side?
04-Jun-2022 09:52
The HTTP profile does not have client/server sides context. Also, check here for TLS options you might want to configure:
https://support.f5.com/csp/article/K65271370