Forum Discussion
smp_86112
Nov 10, 2011Cirrostratus
I wish I would have seen this sooner - I didn't realize there was an IPv6 forum.
In case you haven't resolved this...
Source address on traffic to the IPv6 virtual server was the self IP of the BIGIP
Does that mean SNAT AutoMap is enabled on the IPv6 Virtual Server, but not the IPv4 Virtual Server? If that's true, then my first reaction is to recommend removing SNAT Automap from the IPv6 VIP. That will retain the source address when the request is forwarded to your web server. Of course that recommendation assumes some things about your environment. If you need SNAT Automap enabled, then I can think of a couple of different options. You can designate a specific IP address as a source, add it to a SNAT Pool, and use the SNAT Pool instead of Automap. You will then have to configure Apache to recognize this SNAT address as "external" and force authentication. Not sure how feasible that is...
If the IPv6 virtual server requires SNAT Automap to be enabled, another option is to apply a customized HTTP profile to the IPv6 VIP. The customized HTTP profile would have the "Insert X-Forwarded-For" option enabled, which injects this HTTP header into the stream whose value is the true source client IP address. You would then need to modify your Apache logging to log the value of this additional header. That would reflect the true client address in your logs.