Forum Discussion
hooleylist
Sep 09, 2008Cirrostratus
I think your other post is more relevant (Click here). Using the XFF header value option and not doing any access control on LTM would mean the application would need to enforce the access control based on the requested URI and the XFF header value.
The XFF header value would contain the source IP address that LTM receives on the client side TCP connection. After posting the note above, I tested and found that you can configure the HTTP profile with X-Forwarded-For for the header to remove. All existing headers with this name are removed. You can enable XFF on the HTTP profile and LTM will insert the original client IP in the X-Forwarded-For header after removing any existing ones.
Aaron