X-Forwarder-for has been setup to extract the client IP information from F5. Recently we integrated a cloud based WAF into our environment where they will be changing the client IP to their Proxy IP address before forwarding it to our F5. Since then F5 is only able to interpret the proxy IP address but not the original Client's IP address.
Upon talking to the Cloud WAF provider, I have been told they insert 2 IP headers while forwarding traffic to us, where one has all the IP information and second one have the client IP address only.
1) X-Forwarded-For : 97.108.160.191, 198.143.60.6(Proxy IP address), x.x.x.x(Proxy 2 IpP address) and so on
2) Incap-Client-IP: 97.108.160.191
Where as : 97.108.160.191 is the original Source IP address.
Can some able to assist on how can we configure F5 to interpret the value in the header "Incap-Client-IP" or read the First IP address in "X-Forwarded-For" header.
@Xuwen : Many Thanks for your reply ! So I have consolidated your code along with logging the traffic with minor changes. I have also replaced the "HTTP::header insert "Client_Real_IP" $client_ip" TO "HTTP::header replace "X-Forwarded-For" $client_ip" as that will be inserting another IP header which I am thinking will not server the purpose, because the application guys are looking only or what is in the X-Forwarder-for header. What do you think about this ?
