cancel
Showing results for 
Search instead for 
Did you mean: 

Add X-Forwarded-For to websocket traffic

Folyq
Nimbostratus
Nimbostratus

Good day everyone

We have websocket traffic which is load balanced by F5 and we would like to add X-Forwarded-For to it so we can have clients real IP in server.

As I read about it the websocket traffic starts by http connection and the continues with websocket.

I added HTTP profile (with XFF enabled) and all of our connections were dropping.

Can anybody help me on this?

Thanks

5 REPLIES 5

Ismael_Goncalves
F5 Employee
F5 Employee

Have you configured a websocket profile?
https://support.f5.com/csp/article/K14754

No I haven't 

Should I add http profile (with XFF enabled) and websocket profile to Virtual Server?

Ismael_Goncalves
F5 Employee
F5 Employee

That's correct but also, if the traffic is encrypted , you also need to have Client SSL profile and Server SSL profile for the proper SSL decrypt/re-encrypt. Otherwise, BIG-IP will see only encrypted traffic. 

Thanks Ismael

I will try it and get back to you.

Also should I apply the http profile in the client side or server side?

The HTTP profile does not have client/server sides context. Also, check here for TLS options you might want to configure:
https://support.f5.com/csp/article/K65271370