Forum Discussion

jondyke_46152
Dec 02, 2008

Passthrough iRule source IP

I am using the HTTPS passthrough irule on some of my sites. Is there any way to get the source IP address sent through to the IIS logs? On HTTP I have x-forwarded switched on (and have the ISAPI filter installed on the sites). But on HTTPS it never touches the HTTP profile so x-forwarding never happens.

Any suggestions or am I going to have to live with it?

3 Replies

  • Colin_Walker_12
    Historic F5 Account
    Your HTTPS traffic should still make use of the HTTP profile, assuming you have SSL terminating on the BIG-IP. Unless I'm mistaken you should be able to use the x-forwarded header option just fine. Even if that's not working, you could use a simple iRule that does an HTTP::header insert to put in the info.

    Again, all of this is assuming you're terminating SSL on the BIG-IP.

    Colin
  • Hi Colin

    Thanks for the response but I did mention I was using HTTPS passthrough so SSL is not terminating on the F5 in the case of these sites. I need to do passthrough on these sites due to the use of client certificates.

    Thanks,

    Jon
  • Hi Jon,

    The typical way to pass the original client IP would be in an HTTP header. If you aren't decrypting the SSL on LTM, you wouldn't be able to insert an HTTP header in the request sent to the pool member. There isn't another mechanism to pass this information in the request for HTTPS. So you'd either need to go without the original client IP in your existing scenario, change the routing so you don't need to SNAT the traffic, or decrypt the traffic on LTM so you can insert the XFF header.

    Aaron