Forum Discussion

fgomez_219402
Nimbostratus
Aug 09, 2016

x-forwarded-for on Protocol profile for HTTPS

Hi,

I recently came across an issue with a VS. SSL offloading had to be removed from the device; termination is now handled server-side. Since I was using an HTTP profile for my HTTP and HTTPS VSs, I had a profile that enabled XFF insertion, and it was working fine. Due to the fact that SSL termination needs to be done server-side from now on, I changed my VSs' profile to Performance (HTTP). A custom Protocol profile that enables XFF insertion is working fine for my HTTP VS, but it won't work on my HTTPS VS. Am I missing something? Or is this conceptually wrong?

Thanks in advance.

1 Reply

  • The VS needs the client SSL profile in order to decrypt the packet. Decryption is essential in order to insert the XFF header. If it is essential that the server process SSL traffic and XFF header insertion is required, then you can utilize client-side & server-side SSL on the VS. This will enable the F5 to decrypt the packet, insert the XFF header, encrypt the packet again and send it to the server, which can then process the packet as SSL traffic.
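
The point made in the reply, as an added example that is not part of the original thread and is not BIG-IP code: a generic proxy-side sketch showing that X-Forwarded-For can be written into a decrypted HTTP request head but not into a passed-through TLS record. The function names, the append-to-existing-header behaviour, and the sample bytes are assumptions constructed for illustration.

```python
# Added illustration: a proxy needs plaintext HTTP to insert X-Forwarded-For.
TLS_HANDSHAKE = 0x16  # TLS record content type for a handshake (ClientHello)


class EncryptedStreamError(ValueError):
    """Raised when the bytes are a TLS record, so no HTTP headers are visible."""


def looks_like_tls(data: bytes) -> bool:
    # TLS record header: content type (1 byte) followed by version major 0x03.
    return len(data) >= 3 and data[0] == TLS_HANDSHAKE and data[1] == 0x03


def insert_xff(request: bytes, client_ip: str) -> bytes:
    """Return the request with client_ip added to X-Forwarded-For.

    Works only on a decrypted HTTP/1.x request head; a device that passes
    TLS through untouched has no header block it can edit.
    """
    if looks_like_tls(request):
        raise EncryptedStreamError("TLS record: decrypt first (client SSL profile)")
    head, sep, body = request.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP request head")
    lines = head.split(b"\r\n")
    out, found = [lines[0]], False
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"x-forwarded-for" and not found:
            # Assumed behaviour: append to an existing chain, do not replace it.
            line = name + b": " + value.strip() + b", " + client_ip.encode()
            found = True
        out.append(line)
    if not found:
        out.append(b"X-Forwarded-For: " + client_ip.encode())
    return b"\r\n".join(out) + sep + body


# Constructed sample inputs (not captured traffic).
PLAIN_REQUEST = b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n"
CHAINED_REQUEST = (b"GET / HTTP/1.1\r\nHost: app.example\r\n"
                   b"X-Forwarded-For: 198.51.100.7\r\n\r\n")
TLS_CLIENT_HELLO_PREFIX = bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01, 0x00, 0x00, 0x2A])

if __name__ == "__main__":
    print(insert_xff(PLAIN_REQUEST, "203.0.113.5").decode())
    try:
        insert_xff(TLS_CLIENT_HELLO_PREFIX, "203.0.113.5")
    except EncryptedStreamError as exc:
        print("cannot insert:", exc)
```

Because a client can send its own X-Forwarded-For value, a backend that logs or authorizes on this header should rely only on the entry added by the proxy it trusts.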