Forum Discussion

ioii's avatar
ioii
Icon for Nimbostratus rankNimbostratus
May 18, 2023

How to transparently transmit the IP of the F5 device itself?

The topology map is client-->F5-->backend nginx service
Now the nginx service log only has the customer’s real ip, I want the F5’s ip to be recorded in the log, what should I do?

2 Replies

  • ioii Depending on the F5 IP that you want to record, you could create a log entry when the client connection is accepted as shown in the following FQDN. Tricky part is you will have to match what you see in the nginx to the log on the F5 to see what the IP is. The other option is if this is HTTP or HTTPS and you are performing SSL termination you can inject a new HTTP header field and associate the value you choose based on the article and what IP you want to record. Doing it the second way should allow nginx to search for the header field and record it.

    https://clouddocs.f5.com/api/irules/IP__local_addr.html

  • As mentioned by Paulius , you could insert a header in an iRule like this:

    when HTTP_REQUEST_RELEASE {
      HTTP::header insert X-F5-SOURCE [IP::local_addr]
    }

    and in your log format on the nginx side, something like:

    [f5-ip=$upstream_http_x_f5_source]