Forum Discussion

JimmyJose
Sep 18, 2016

Appending/Including all IP addresses 'en route' within "X-Forwarded-for"

Hello,

 

We have our internal website published through our LTM. Users' traffic traverses the WAF [non-F5] before reaching the LTM.

 

Both WAF and LTM are configured to insert the X-Forwarded-for header. The backend web servers are configured accordingly, and hence are seeing the WAF's IP against "X-Forwarded-for".

 

The requirement is to see all the IP addresses in the path within the web server logs; i.e., Actual Client IP Address, WAF, & the LTM; and not just the LTM or WAF IP Address.

 

How do we achieve this?

 

Thanks, Jimmy

 

2 Replies

  • Assuming that the WAF & LTM are inserting the XFF header and value and retaining any existing value, your server should be able to log everything.

     

  • Hi Jimmy,

    To consolidate multiple occurrences of X-Forwarded-For headers, you may try the iRule below...

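    when HTTP_REQUEST {
        # Collect the values of every X-Forwarded-For header line already in the request
        if { [set x_forwarded [HTTP::header values "X-Forwarded-For"]] ne "" } then {
            # Replace them with one header: the existing values, then the connecting peer's address
            HTTP::header remove "X-Forwarded-For" 
            HTTP::header insert "X-Forwarded-For" "[join $x_forwarded ", "], [getfield [IP::client_addr] "%" 1]"
        } else {
            # No existing header: insert only the peer address (getfield drops a "%route-domain" suffix)
            HTTP::header insert "X-Forwarded-For" "[getfield [IP::client_addr] "%" 1]"
        }
    }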
    

    The iRule will collect any existing X-Forwarded-For header value, then remove any existing X-Forwarded-For header and finally create a new one with the collected values + the current "X-Forwarded-For" value. E.g.:

    Incoming HTTP request headers

    GET / HTTP/1.1  
    Host: site.domain.de  
    ... 
    X-Forwarded-For: 1.1.1.1  
    X-Forwarded-For: 2.2.2.2, 3.3.3.3
    X-Forwarded-For: 4.4.4.4 
    

    Outgoing HTTP request headers

    GET / HTTP/1.1  
    Host: site.domain.de  
    ... 
    X-Forwarded-For: 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5
    

    Note: Make sure to disable the automatic X-Forwarded-For insert option in your HTTP profile. The insert will be already handled by this iRule...

    Cheers, Kai
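
An added example, not part of the original replies and not F5 code: a Python model of the header the iRule above produces and of how a backend can read it. It goes one step beyond the thread by picking the client address right to left, because hops left of the first trusted proxy arrive from the client unverified; the function names, the sample addresses (10.0.0.1, 203.0.113.7, 192.0.2.10) and the assumption that the WAF appends to an existing header are constructed for illustration.

```python
import ipaddress

def consolidate_xff(header_values, peer_addr):
    """Approximate the iRule: merge all X-Forwarded-For lines, append the peer.

    Unlike the iRule's plain join, whitespace around each hop is normalised.
    """
    peer = peer_addr.split("%", 1)[0]  # same effect as getfield ... "%" 1
    hops = [h.strip() for v in header_values for h in v.split(",") if h.strip()]
    return ", ".join(hops + [peer])

def client_from_xff(xff, trusted_proxies):
    """Return the first hop, read right to left, that is not a trusted proxy.

    Hops to the left of that address were supplied by the client and are
    only informational. Returns None if no such hop exists or one is malformed.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # unparsable hop: do not guess past it
        if not any(addr in net for net in nets):
            return str(addr)
    return None

# Constructed sample: the client sends its own X-Forwarded-For (10.0.0.1),
# the WAF (192.0.2.10, assumed address) appends the client it saw
# (203.0.113.7), and the LTM sees the WAF as its peer in route domain 1.
SAMPLE_HEADERS = ["10.0.0.1, 203.0.113.7"]
SAMPLE_PEER = "192.0.2.10%1"
TRUSTED = ["192.0.2.10/32"]

if __name__ == "__main__":
    chain = consolidate_xff(SAMPLE_HEADERS, SAMPLE_PEER)
    print("logged chain    :", chain)
    print("client to act on:", client_from_xff(chain, TRUSTED))
```

Log the full chain for the audit trail, but base access decisions and rate limits only on the address `client_from_xff` returns.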