Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Insert X-Forwarded-For Not Working

superd_88943
Nimbostratus
Nimbostratus

‎23-Oct-2018 08:50

Hi Guys,

 

Ive a created a VIP to LB to two web proxies. Iv also enabled a HTTP profile with the Insert X-Forwarded-For setting enabled, however on my proxy server i am always seeing the floating self IP of LTM.

 

Ive also tried disabling the setting Insert X-Forwarded-For on the HTTP profile and using an iRule, still the same issue.

 

Am i missing anything here? Any recommendations much appreciated.

 

v11.61

 

D

 

Labels:
0 Kudos
7 REPLIES 7

Zuke
Cirrostratus
Cirrostratus

‎23-Oct-2018 08:53

The source IP address will still be the Self-IP because of basic networking. Can you confirm the proxy is receiving the X-Forwarded-For header in the packet and it's not stripping that header out?

 

0 Kudos

superd_88943
Nimbostratus
Nimbostratus

‎23-Oct-2018 08:59

iRule:

 

when HTTP_REQUEST { HTTP::header insert X-Forwarded-For [IP::remote_addr] }

 

0 Kudos

Zuke
Cirrostratus
Cirrostratus

‎23-Oct-2018 09:06

I suspect that if you've checked the Insert X-Forwarded-For box in the HTTP profile that your F5 configuration is correct. You probably don't need the iRule in addition to the HTTP profile, but it should work.

 

Can you paste the virtual server config from /config/bigip.conf ?

 

0 Kudos

superd_88943
Nimbostratus
Nimbostratus

‎23-Oct-2018 09:52

Thanks.. yes Ive tried both with iRule and XForwardedFor enabled on profile, independently and together.

 

ltm virtual Servers_browsing_8080_VIP { description "VIP for servers and non compliant PAC file systems." destination 172.22.2.2:webcache ip-protocol tcp mask 255.255.255.255 persist { cookie { default yes } } pool Browsing_POOL profiles { http-proxy { } tcp { } } rules { websense_xforwarded_for } source 0.0.0.0/0 source-address-translation { type automap } vs-index 95 }

 

0 Kudos

Kevin_Stewart
F5 Employee
F5 Employee

‎23-Oct-2018 10:46

As Zuke has implied, I think you're expecting the X-Forward-For option to pass the client IP to the server in the TCP packet. That's not what this option does. It and the iRule are intended to insert an HTTP header into the HTTP request flowing to the server. It does not change the source address of the packet.

 

You're seeing the F5 (floating) source address because you have SNAT enabled.

 

0 Kudos

superd_88943
Nimbostratus
Nimbostratus

‎30-Oct-2018 08:01

Thanks all... ill investigate at the proxy side to see if it can pull the client IP from the HTTP packet.

 

0 Kudos

DJTM1
Nimbostratus
Nimbostratus

‎08-Nov-2021 05:48

On the VS configuration you have to add a HTTP profile with the Insert X-Forwarded-For setting enabled and also add an HTTP Proxy Connect profile.

 

It should be working !

0 Kudos
Copyright © 2023 Khoros, LLC