vvskaladhar_488
Jul 03, 2014

iRule to see source IPs

Hi All,

 

I am looking for an option to solve my problem below.

 

I have a VIP configured with HTTPS ports (443, 447, etc.) with SNAT enabled. Now our web server wants to see the client IPs. Can you please let us know if there is any iRule to solve this?

 

5 Replies

  • Hi,

    Not sure, but maybe this iRule will help you:

    when HTTP_REQUEST {
        HTTP::header insert X-Forwarded-For [IP::client_addr]
    }
    
  • Hello Kaladhar... You can do this 2 ways. The first one is what Vitaliy and Nitass are suggesting: using X-Forwarded-For, if it's HTTP traffic and a web server in the backend that needs to see the client IP.

     

    The second option is eliminating SNAT and using the F5 IP as the gateway for your servers instead of a switch. The second step involves configuring your server network settings. The reason I am suggesting the second step is that X-Forwarded-For will not work for non-HTTP traffic. I had a situation where the client address had to be seen by an application server and there was no way X-Forwarded-For would have resolved the issue.

     

  • Hi All ,

     

    Thanks a lot for the quick response on this. As I told before, all my VIPs are HTTPS, so there is no use for X-Forwarded-For. I am looking for an iRule which can insert the client IP information, or any alternate config without moving the gateway on the servers.

     

  • Simply put, if you cannot access the layer 7 HTTP traffic, you cannot insert any information into its payload. And you cannot access the layer 7 HTTP traffic if you do not offload the SSL layer. You can optionally re-encrypt to the server, but you have to at least terminate the client side SSL at the proxy. The very best you can do in lieu of that is perhaps to insert the data into (layer 4) TCP header data using the TCP::option command, but then you'd probably have to add code to your applications to be able to see this data.
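As an added example (not part of any post in this thread): if SSL is terminated on the BIG-IP so that the iRule from the first reply can run, the web server still has to decide which X-Forwarded-For value to believe, because `HTTP::header insert` adds a header without removing one the client already sent. The sketch below shows that server-side check; `TRUSTED_PROXIES`, `client_ip` and all addresses are hypothetical, constructed values.

```python
import ipaddress

# Assumption: the SNAT / self-IP range the web server sees connections from.
# Constructed value; replace with the load balancer's real source addresses.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/29")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_headers):
    """Return the client address the web server should log.

    peer        -- source IP of the TCP connection (the SNAT address
                   when the request came through the proxy)
    xff_headers -- every X-Forwarded-For header value, in received order
    """
    peer_addr = ipaddress.ip_address(peer)
    if not _is_trusted(peer_addr):
        # Not from the proxy: any X-Forwarded-For is client-controlled.
        return str(peer_addr)

    # Flatten repeated headers and comma-separated lists into one hop list.
    hops = [h.strip() for value in xff_headers
            for h in value.split(",") if h.strip()]

    # Walk right to left: the right-most entries were appended by our own
    # proxy; the first address that is not ours is the real client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: nothing to its left can be trusted
        if not _is_trusted(addr):
            return str(addr)
    return str(peer_addr)


if __name__ == "__main__":
    # Constructed request: client forged "1.1.1.1", proxy appended the real IP.
    print(client_ip("10.0.0.2", ["1.1.1.1", "198.51.100.9"]))
```
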