Multiple ip's visible in XFF header, would need only the last ip address

bsb · ‎25-Jun-2020

Hi, have enabled XFF header, but could see more than one ip is reflecting in downstream devices.

we can fix it with iRule, but binding iRules in all the virtual servers increases overhead on CPU/Memory,

is there a way to restrict last know public ip being retained in XFF header.

Dario_Garrido · ‎25-Jun-2020

Hello Bsb.

iRules are very efficient, don't worry about performance when you only need to include a XFF header.

One solution would be:

when HTTP_REQUEST {
HTTP::header remove X-Custom-XFF
HTTP::header insert X-Custom-XFF [IP::remote_addr]
}

Using the HTTP profile, you could try modifying the XFF header name

See option "XFF Alternative Names".

REF - https://support.f5.com/csp/article/K40243113

Regards,

Dario.

Regards,
Dario.

DevCentral