Request to forward client IP in X-Forwarded-For header
I don't really think WAF side has passed in real IP in X-Forwarded-For Http header!! For Example: If I manually add a fake X-Forward-For header, our nginx is able to receive it. In the picture, it shows a flow: 10.237.37.114 (just passthrough X-Forward-For if any, didn't append the upstream IP) -> 10.237.37.110 (append 10.237.37.114 to X-Forward-For) -> 10.244.9.73 (our nginx) This pic means our OCI LB and nginx are fine, they respect the passed in X-Forwarded-For, so if WAF passes it then we'll get it. For the first 10.237.37.114, some questions: What's this IP? What's the upstream of this IP? Kindly find PFA.