pkingi_72523
Apr 20, 2010Nimbostratus
Can irules be used to match source address infromation before and after SNAT?
We are using an F5 as an SSL-offload and then again as a reverse proxy. In both cases, the source address is natted.
We have an IPS after the SSL-offload and before the reverse proxy that does detect attacks but attacks appear to come from the SSL_offload address.
We need to determine what the original source of attacks are so are looking to see if irules can provide some information to trace back to the original source.
Anyone else deal with this type of issue? Keen to hear how to get around this....
cheers
Patrick