Help
XC Users Forum
Open conversations with staff and peers about F5 Distributed Cloud Services.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Bypass WAF for X-forwarder IP in XC

Go to solution
vikas_Patil
Nimbostratus
Nimbostratus

‎25-Dec-2022 23:51

We use the F5 XC and want to bypass the WAF rules if traffic comming from specific IP address in X-forwarder-for field,

X-forwarder-for Field contail Multiple IP address and if any of the IP matches to the list , XC should bypass the WAF rules

E.g. Http header x-forwarded-for : 1.1.1.1; 2.2.2.2 , requirement is to bypass WAF Rule for the IP 1.1.1.1 

0 Kudos
1 ACCEPTED SOLUTION
6 REPLIES 6

Go to solution
Samir
MVP
MVP

‎26-Dec-2022 01:38

if you have list of known X-forwarder-for Source IP then create iRule and bypass WAF Policy. This can be possible.

0 Kudos

Go to solution
vikas_Patil
Nimbostratus
Nimbostratus

‎26-Dec-2022 01:39

Actually we want to do it on WAAP, and Irule option is not available

0 Kudos

Go to solution
Sudhir_Patamsetti
F5 Employee
F5 Employee
In response to vikas_Patil

‎26-Dec-2022 06:07

@VikasB , You can use "trusted client rules" to "bypass WAF" . Navigate to http load balancer --> common security controls ---> trusted client rules 

Go to solution
Nikoolayy1
MVP
MVP
In response to vikas_Patil

‎14-Jan-2023 02:41 - edited ‎14-Jan-2023 06:26

@vikas_Patil  did you manage to make this work?

Maybe to match a specific ip address when there are many in the HTTP XFF header you can use regex. To match a single IP address you can try the regex (1\.1\.1\.1)  where 1.1.1.1 is the IP address and soon I will publish an F5 community article about this as I played with the feature a little.

 

Nikoolayy1_0-1673692474132.png

 

0 Kudos

Go to solution
Nikoolayy1
MVP
MVP
In response to vikas_Patil

‎20-Jan-2023 05:21

Here is the article after I played with the features of the F5 XC:

 

https://community.f5.com/t5/community-articles/f5-xc-distributed-cloud-http-header-manipulations-and...

 

0 Kudos

Go to solution
Nikoolayy1
MVP
MVP

‎07-Jan-2023 09:08

As @Sudhir_Patamsetti mentioned there is this option that I have not used yet but it is interesting if it will work with multiple ip addreesses in the HTTP header. If the rule has the option to select something like "contains" in the value of a specific HTTP header then it shouldn't be an issue. If you see issues you may need to modify your proxy devices to also add another header that has just one ip address and use that in the Distributed Cloud XC rules.

0 Kudos
Copyright © 2023 Khoros, LLC