Any hard documentation for x-forwarded-for?

Question

Dev,&nbsp;
 &nbsp;
I was tasked with setting up a VS for a client and passing https traffic through the load balancer. I found the correct settings to get that working, but I'm also SNAT'ing the traffic. The client want to be able to do x-forwarded-for to get the true client IP address. I think I understand the reason why the x-forwarded-for won't work on https, but I need something hard fast from F5 saying this is why this won't work. I'm still very new at the LTM's, about six months in, and I don't really get the benefit of the doubt just yet when it comes to these sorts of things. Has anybody successfully sent an x-forwarded-for WITHOUT SSL offload at the LTM? If so, what were the steps? Also, if anybody has any docs on the headers, that would be great.&nbsp;
 &nbsp;
Thanks,&nbsp;
John&nbsp;

what_lies_bene1 · Answer

I'm not an F5 employee but I can categorically state that (at present) HTTP content of any kind cannot be modified (or have a header inserted) by an F5 unless it terminates the SSL connection. Of course, keep in mind you can terminate it and re-encrypt it. 
&nbsp;  
&nbsp; This article confirms: http://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html?sr=26838905

wixxyl_98682 · Answer

That confirms what I suspected. Thank you very much for the link Steve, I hope that will pacify the powers-that-be for now.

what_lies_bene1 · Answer

You're welcome. Good luck.

Forum Discussion

Any hard documentation for x-forwarded-for?

3 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

X-Forwarded-For on L4 VS

TCP Option 28 X-Forwarded-For Header

Extracting X-Forwarded-For in Node.js

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

X-Forwarded-For Log Filter for Windows Servers