cancel
Showing results for 
Search instead for 
Did you mean: 

What does the BIG-IP LTM do when it can not insert an X-Forwarded-For

Wasfi_Bounni
Cirrostratus
Cirrostratus

Hi;

 

I have an F5 virtual server listening on port 8080 and load balancing two forward explicit proxies. I want the F5 to add an XFF header as I am using SNAT auto map.

 

The F5 is only load balancing and when the explicit proxy traffic is clear text http, I know the F5 adds the XFF without any issues. Also, when there is a request with a "Connect" http method, the F5 adds the XFF too.

 

My question is what happens when the http datagram destined to port 8080 has a TLS payload, like a "client hello" for example. I know that the F5 in this case will not insert the XFF header. However, I am more interested in what the F5 will do to this datagram. Does it drop it, or pass it without the XFF.

 

 

Kindly

Wasfi

1 ACCEPTED SOLUTION

Hi Wasfi,

 

When using LTM without the required licenses like SSLO or SWG to intercept SSL traffic via the Explict Forward Proxy, it will just pass the SSL traffic without changing the payload.

 

Kind regards,

 

--Niels

View solution in original post

2 REPLIES 2

Hi Wasfi,

 

When using LTM without the required licenses like SSLO or SWG to intercept SSL traffic via the Explict Forward Proxy, it will just pass the SSL traffic without changing the payload.

 

Kind regards,

 

--Niels

Wasfi_Bounni
Cirrostratus
Cirrostratus

Thank you Sir.