What does the BIG-IP LTM do when it can not insert an X-Forwarded-For

Question

Hi;&nbsp;I have an F5 virtual server listening on port 8080 and load balancing two forward explicit proxies. I want the F5 to add an XFF header as I am using SNAT auto map. &nbsp;The F5 is only load balancing and when the explicit proxy traffic is clear text http, I know the F5 adds the XFF without any issues. Also, when there is a request with a "Connect" http method, the F5 adds the XFF too.&nbsp;My question is what happens when the http datagram destined to port 8080 has a TLS payload, like a "client hello" for example. I know that the F5 in this case will not insert the XFF header. However, I am more interested in what the F5 will do to this datagram. Does it drop it, or pass it without the XFF.&nbsp;&nbsp;KindlyWasfi

niels_van_sluis · Accepted Answer

Hi Wasfi,&nbsp;When using LTM without the required licenses like SSLO or SWG to intercept SSL traffic via the Explict Forward Proxy, it will just pass the SSL traffic without changing the payload. &nbsp;Kind regards,&nbsp;     --Niels

wasfi_bounni · Answer

Thank you Sir.

Forum Discussion

What does the BIG-IP LTM do when it can not insert an X-Forwarded-For

2 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

X Forwarded For Single Header Insert

Difference between Insert X-Forwarded-For and Accept XFF?

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

Prevent a Spoof of an X-Forwarded-For Request with BIG-IP