I have been troubleshooting XFF issues on one of our VS, and I realized that the F5 would insert an XFF header no matter what...
Let me explain: the HTTP profile was initially configured with Insert XFF Enabled, so using tcpdump, I would see that the XFF field was added.
I disabled the functionnality, and captured the traffic again. The XFF was still present. How is that possible ? The VS configuration is complex, it has rewrite and stream profiles, as well as ASM. Could one of those explain the XFF being added ?
Let me add that this XFF field is not added prior to arriving on the F5. We clearly see the first request to the VS being XFF free, but then the HTTP request processed by the F5 floating IP toward the pool member has XFF set...
Forget it, this was because of Rewrite Profile. By de fault, the option
Insert X-Forwarded-For Header was enabled.
Indeed, the rewrite profile add XFF header by default:
Uncheck it if you want to disable XFF.
For info you can manage XFF header using: