How to transparently transmit the IP of the F5 device itself?

ioii · ‎18-May-2023

The topology map is client-->F5-->backend nginx service
Now the nginx service log only has the customer’s real ip, I want the F5’s ip to be recorded in the log, what should I do?

Paulius · ‎18-May-2023

@ioii Depending on the F5 IP that you want to record, you could create a log entry when the client connection is accepted as shown in the following FQDN. Tricky part is you will have to match what you see in the nginx to the log on the F5 to see what the IP is. The other option is if this is HTTP or HTTPS and you are performing SSL termination you can inject a new HTTP header field and associate the value you choose based on the article and what IP you want to record. Doing it the second way should allow nginx to search for the header field and record it.

https://clouddocs.f5.com/api/irules/IP__local_addr.html

JRahm · ‎19-May-2023

As mentioned by @Paulius , you could insert a header in an iRule like this:

when HTTP_REQUEST_RELEASE {
  HTTP::header insert X-F5-SOURCE [IP::local_addr]
}

and in your log format on the nginx side, something like:

[f5-ip=$upstream_http_x_f5_source]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

DevCentral

How to transparently transmit the IP of the F5 device itself?

Khoros Kudos Award 2022