Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Multiple ip's visible in XFF header, would need only the last ip address

bsb
Nimbostratus
Nimbostratus

‎25-Jun-2020 02:58

Hi, have enabled XFF header, but could see more than one ip is reflecting in downstream devices.

we can fix it with iRule, but binding iRules in all the virtual servers increases overhead on CPU/Memory,

is there a way to restrict last know public ip being retained in XFF header.

Labels:
0 Kudos
1 REPLY 1

Dario_Garrido
MVP
MVP

‎25-Jun-2020 07:57

Hello Bsb.

 

iRules are very efficient, don't worry about performance when you only need to include a XFF header.

 

One solution would be:

when HTTP_REQUEST { HTTP::header remove X-Custom-XFF HTTP::header insert X-Custom-XFF [IP::remote_addr] }

Using the HTTP profile, you could try modifying the XFF header name

See option "XFF Alternative Names".

REF - https://support.f5.com/csp/article/K40243113

 

Regards,

Dario.

Regards,
Dario.
0 Kudos
Copyright © 2022 Khoros, LLC