Forum Discussion

Altocumulus

Oct 01, 2021

Website does not load after using X-Forwarded-For HTTP header

Hello I need to see the client real IP to one of my publicly available website, to do that, i enabled the X-Forwarded-For under http profile (client) after that the website did not come up, i tried ...

MVP

Oct 02, 2021

Hi ,

you say that SSL is terminated on the backend and not on the F5. Therefore the BIG-IP cannot insert any HTTP headers.

Please see K4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT object

Quoting from there:

"Note: You can insert HTTP headers in HTTPS traffic only if the client connects to a BIG-IP virtual server configured with a Client SSL profile. When the BIG-IP system terminates the SSL connection, it has access to the unencrypted HTTP data."

You can only insert a X-Forwarded-For header once you make your virtual server capable of performing SSL decryption/encryption. For details see: K12015: Configuration requirements for SSL virtual servers, profiles, pools, and monitors.

Daniel

Forum Discussion

Website does not load after using X-Forwarded-For HTTP header

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

X-Forwarded-For Log Filter for Windows Servers

Performance L4 VS - HTTPS [X-forwarded-for]

Difference between Insert X-Forwarded-For and Accept XFF?