I have an environment where I have two F5s, one external and one internal, however the ASM module is only enabled on the internal F5, in which the source IP that arrives is from the external self IP. I can view the client's real IP through x-forwarded-for, but I would like to know if I can make a filter in F5 to search for the IP of what comes in x-forwarded-for, instead of the layer's IP network
@Augusto to try to clarify the above statement which may help.
You need to apply a http profile with the add xff function turned on to the external f5, so the one on the border.
Then on the internal f5 where you have ASM/ AWAF tell the WAF policy to Trust XFF headers so the exernal IP is seen when it comes over the border.
You could also turn this on, on the internal f5 you can have many IP's in the XFF header you just need to keep a track of which one the ASM module is using for its calculations.
Hi @Augusto ,
Like @ragunath154 said you can do that.
and here the official article for implementation like this : https://my.f5.com/manage/s/article/K36452759
Please try the workaround and Mark the reply of @ragunath154 as an accepted solution , to make it easy for other F5 users to know about it.