cancel
Showing results for 
Search instead for 
Did you mean: 

Need help with insert true-client-ip to X-Forwarded-For rule on F5 LTM

Prasad4u
Nimbostratus
Nimbostratus

Hi,

 

Additional INFO: First of I will represent the access as it is done from the client to the F5

 

CLIENT --> Cloudflare --> F5 Service

 

  • client try to access to the following hostname that is hosted by F5 : app.mydomain.com(1.2.3.4)
  • Request will go to CloudFlare.
  • CloudFlare will redirect user to F5 service (app.mydomain.com) at the same time it will cache the client's response for the future transaction.
  • When CloudFlare will redirect user to F5 service (app.mydomain.com), CloudFlare will hide the real Client-IP and provide the CloudFlare IP.
  • Instead of CloudFlare IP, We would like to grab the True-Client-IP and insert into X-Forwarder-For to see logs on the Server logs which is hosted behind the F5.

 

4 REPLIES 4

Hi Prasad4u,

 

iRule:

when HTTP_REQUEST { if { [HTTP::header exist True-Client-IP] } { # Client --> CloudFlare --> F5 HTTP::header replace X-Forwarded-For [HTTP::header True-Client-IP] } else { # Client --> F5 HTTP::header replace X-Forwarded-For [IP::client_addr] } }

Additional note: In this scenario, don't use source_addr persistence.

Hi Enes Afsin,

 

Greetings!!

 

After applying this irule, The VIP stopped working.

 

Could you please help us here.

Hi Prasad4u,

 

Can you investigate /var/log/ltm ?

Is there a log for this irule or another attached irule?

Prasad4u
Nimbostratus
Nimbostratus

Thanks for quick response Afsin. Will test and get back to you.