Forum Discussion

superd_88943
Oct 23, 2018

Insert X-Forwarded-For Not Working

Hi Guys,

I've created a VIP to LB to two web proxies. I've also enabled an HTTP profile with the Insert X-Forwarded-For setting enabled, however on my proxy server I am always seeing the floating self IP of LTM.

I've also tried disabling the setting Insert X-Forwarded-For on the HTTP profile and using an iRule, still the same issue.

Am I missing anything here? Any recommendations much appreciated.

v11.61

D

 

7 Replies

  • Zuke

    The source IP address will still be the Self-IP because of basic networking. Can you confirm the proxy is receiving the X-Forwarded-For header in the packet and it's not stripping that header out?

     

  • iRule:

     

    when HTTP_REQUEST {
        HTTP::header insert X-Forwarded-For [IP::remote_addr]
    }

     

  • Zuke

    I suspect that if you've checked the Insert X-Forwarded-For box in the HTTP profile that your F5 configuration is correct. You probably don't need the iRule in addition to the HTTP profile, but it should work.

     

    Can you paste the virtual server config from /config/bigip.conf ?

     

  • Thanks. Yes, I've tried both with iRule and XForwardedFor enabled on profile, independently and together.

     

    ltm virtual Servers_browsing_8080_VIP {
        description "VIP for servers and non compliant PAC file systems."
        destination 172.22.2.2:webcache
        ip-protocol tcp
        mask 255.255.255.255
        persist {
            cookie {
                default yes
            }
        }
        pool Browsing_POOL
        profiles {
            http-proxy { }
            tcp { }
        }
        rules {
            websense_xforwarded_for
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 95
    }

     

  • As Zuke has implied, I think you're expecting the X-Forwarded-For option to pass the client IP to the server in the TCP packet. That's not what this option does. It and the iRule are intended to insert an HTTP header into the HTTP request flowing to the server. It does not change the source address of the packet.

     

    You're seeing the F5 (floating) source address because you have SNAT enabled.

     

  • Thanks all... I'll investigate at the proxy side to see if it can pull the client IP from the HTTP packet.

     

  • DJTM1

    On the VS configuration you have to add an HTTP profile with the Insert X-Forwarded-For setting enabled and also add an HTTP Proxy Connect profile.

     

    It should be working!
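
The replies above establish that with SNAT the backend sees the BIG-IP self IP as the TCP source and has to take the client address from the X-Forwarded-For header. The following is an added example, not part of the original thread, of how a backend can do that without trusting a header value a client supplied itself. The trusted address `10.0.0.5`, the names `TRUSTED_PROXIES` and `client_ip`, and all sample addresses are constructed assumptions.

```python
import ipaddress

# Assumption: the load balancer's SNAT/self IP as seen by the backend (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_headers):
    """Return the client address to log or apply policy to for one request.

    peer_addr   -- source address of the TCP connection (the SNAT address
                   when the request came through the load balancer)
    xff_headers -- every X-Forwarded-For header value, in received order
    """
    peer = ipaddress.ip_address(peer_addr)
    # A peer that is not the load balancer can put anything in the header,
    # so the header is ignored and the TCP source address is used.
    if not _is_trusted(peer):
        return str(peer)

    # Flatten repeated headers and comma-separated lists into one hop list.
    hops = [h.strip() for value in xff_headers
            for h in value.split(",") if h.strip()]

    # Walk from the right: the last entry was added by the nearest proxy.
    # The first entry that is not a trusted proxy is taken as the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: trust nothing further to the left
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)  # no usable header: fall back to the TCP source
```

Reading the list from the right matters because a header the client sent itself can arrive alongside the one the load balancer inserted, and only the latter is reliable.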