01-Oct-2021 10:03
Hello
I need to see the client real IP to one of my publicly available website, to do that, i enabled the X-Forwarded-For under http profile (client) after that the website did not come up, i tried to use below iRule as well but that one needs to have http profile attached to VIP, so when i attached the http profile the website won't come online, I was wondering if you could help me. one note : the SSL is terminated on the backend server NOT F5.
The error which I am getting
Secure Connection Failed
An error occurred during a connection to www.example.com. PR_END_OF_FILE_ERROR
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
The iRule
when HTTP_REQUEST {
HTTP::header insert X-Forwarded-For [IP::remote_addr]
}
Thanks
Mohammad
02-Oct-2021
01:43
- last edited on
24-Mar-2022
01:19
by
li-migration
Hi ,
you say that SSL is terminated on the backend and not on the F5. Therefore the BIG-IP cannot insert any HTTP headers.
Quoting from there:
"Note: You can insert HTTP headers in HTTPS traffic only if the client connects to a BIG-IP virtual server configured with a Client SSL profile. When the BIG-IP system terminates the SSL connection, it has access to the unencrypted HTTP data."
You can only insert a X-Forwarded-For header once you make your virtual server capable of performing SSL decryption/encryption. For details see: K12015: Configuration requirements for SSL virtual servers, profiles, pools, and monitors.
KR
Daniel