NimbostratusI have VIP in F5 SNAT with x-forward enabled - but SSL is terminated at the backend. We have http profile is set none to make the client mutual authentication to work along with SSL.
How do I configure F5 to pass the client/source IP to downstream applications, currently it only sees the F5 Ip address.
CirrostratusI guess it depends on how you've designed your environment, but at a minimum you need to allow the BIG-IP to be able to see "inside" the encrypted traffic. You can do this by either SSL offloading or SSL bridging, you can then enable a http profile with the insert x-forwarded-for option enabled.
NimbostratusCirrostratus
AltocumulusI guess it depends on how you've designed your environment, but at a minimum you need to allow the BIG-IP to be able to see "inside" the encrypted traffic. You can do this by either SSL offloading or SSL bridging, you can then enable a http profile with the insert x-forwarded-for option enabled.
NimbostratusAltocumulusCirrostratusIf SSL is terminated at the backend server, BIG-IP will not be able to see the HTTP headers inside the SSL traffic and cannot add the XFF header.
You can only use the routed-mode, where SNAT is removed and backend servers use BIG-IP as the gateway for the incoming traffic.