Need help with insert true-client-ip to X-Forwarded-For rule on F5 LTM

Prasad4u · ‎05-Jan-2021

Hi,

Additional INFO: First of I will represent the access as it is done from the client to the F5

CLIENT --> Cloudflare --> F5 Service

client try to access to the following hostname that is hosted by F5 : app.mydomain.com(1.2.3.4)
Request will go to CloudFlare.
CloudFlare will redirect user to F5 service (app.mydomain.com) at the same time it will cache the client's response for the future transaction.
When CloudFlare will redirect user to F5 service (app.mydomain.com), CloudFlare will hide the real Client-IP and provide the CloudFlare IP.
Instead of CloudFlare IP, We would like to grab the True-Client-IP and insert into X-Forwarder-For to see logs on the Server logs which is hosted behind the F5.

Enes_Afsin_Al · ‎05-Jan-2021

Hi Prasad4u,

iRule:

when HTTP_REQUEST {
	if { [HTTP::header exist True-Client-IP] } {
		# Client --> CloudFlare --> F5
		HTTP::header replace X-Forwarded-For [HTTP::header True-Client-IP]
	}
	else {
		# Client --> F5
		HTTP::header replace X-Forwarded-For [IP::client_addr]
	}
}

Additional note: In this scenario, don't use source_addr persistence.

Prasad4u · ‎01-Mar-2021

Hi Enes Afsin,

Greetings!!

After applying this irule, The VIP stopped working.

Could you please help us here.

Enes_Afsin_Al · ‎01-Mar-2021

Hi Prasad4u,

Can you investigate /var/log/ltm ?

Is there a log for this irule or another attached irule?

Prasad4u · ‎05-Jan-2021

Thanks for quick response Afsin. Will test and get back to you.

DevCentral

Need help with insert true-client-ip to X-Forwarded-For rule on F5 LTM

MFA required on DevCentral