Showing results for 
Search instead for 
Did you mean: 

Persist profile using XFF to read client IP address


Hi All,


Based on what we are using below, traffic to our website goes through a CDN that changes the "real" client's IP address to their proxy IP...So we can't use source-client IP persistency on the F5 because of this. What we are doing below is using an iRule to read the XFF header, and based on the XFF header, we load balancing to both server A/B based on the unique client IP...


So the question here there a way I can also match a single IP address from the XFF (example, and

send them to only ServerB only? We want to load balance all external to both serverA and serverB equally, but to server B only

regardless..Can this be done by modifying the iRule below?


Thank you in advance!


F5 POOL Name: AppServer123

  • ServerA -
  • ServerB -



*** iRule used by persistence profile that will persist to a server in a pool based on client's source IP address ***

when HTTP_REQUEST {      if {[HTTP::header X-Forwarded-For] != ""} then {         persist uie [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0]     } else { persist uie [IP::client_addr]     } }


Hi ant77,


You can try below one (please do not forget to change port_number to listening port on your backend server):

when HTTP_REQUEST { set clientip [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0] if {[HTTP::header X-Forwarded-For] != "" && $clientip equals "" } then { persist uie $clientip node port_number } else { persist uie [IP::client_addr] pool AppServer123 } }


If you also need to persistence based on XFF other than, you should modify the irule.



Below iRule should cater the requirement of requests coming without XFF and using persistance based on original clientIP. And also, would use persistence based on XFF for other than

when HTTP_REQUEST { if {not [HTTP::header exists "X-Forwarded-For"] } { persist uie [IP::client_addr] return } else { set xff [lindex [ split [lindex [HTTP::header values X-Forwarded-For] 0] "," ] 0] } if { ([HTTP::header exists "X-Forwarded-For"]) and ($xff equals "") }{ node 443 return } else { persist uie $xff } }