Forum Discussion

Prasad4u's avatar
Prasad4u
Icon for Nimbostratus rankNimbostratus
Jan 05, 2021

Need help with insert true-client-ip to X-Forwarded-For rule on F5 LTM

Hi,

 

Additional INFO: First of I will represent the access as it is done from the client to the F5

 

CLIENT --> Cloudflare --> F5 Service

 

  • client try to access to the following hostname that is hosted by F5 : app.mydomain.com(1.2.3.4)
  • Request will go to CloudFlare.
  • CloudFlare will redirect user to F5 service (app.mydomain.com) at the same time it will cache the client's response for the future transaction.
  • When CloudFlare will redirect user to F5 service (app.mydomain.com), CloudFlare will hide the real Client-IP and provide the CloudFlare IP.
  • Instead of CloudFlare IP, We would like to grab the True-Client-IP and insert into X-Forwarder-For to see logs on the Server logs which is hosted behind the F5.

 

4 Replies

  • Hi Prasad4u,

    iRule:

    when HTTP_REQUEST {
    	if { [HTTP::header exist True-Client-IP] } {
    		# Client --> CloudFlare --> F5
    		HTTP::header replace X-Forwarded-For [HTTP::header True-Client-IP]
    	}
    	else {
    		# Client --> F5
    		HTTP::header replace X-Forwarded-For [IP::client_addr]
    	}
    }

    Additional note: In this scenario, don't use source_addr persistence.

    • Prasad4u's avatar
      Prasad4u
      Icon for Nimbostratus rankNimbostratus

      Hi Enes Afsin,

       

      Greetings!!

       

      After applying this irule, The VIP stopped working.

       

      Could you please help us here.

      • Hi Prasad4u,

         

        Can you investigate /var/log/ltm ?

        Is there a log for this irule or another attached irule?

  • Thanks for quick response Afsin. Will test and get back to you.