jba3126
Apr 10, 2015

How to preserve existing X-Forwarded-For Header when using SNAT

First question: does SNAT alter an existing X-Forwarded-For header?

 

We have a web service that goes DMZ LTM -> XML Security Device -> PBN LTM /with SNAT. The application has IP-based role restrictions and is failing. I believe this is happening because either the SNAT in the PBN is rewriting the X-Forwarded-For header or the application is not properly reading the X-Forwarded-For header. Many thanks in advance for your help in answering!

 

/Jeff

 

3 Replies

  • Jeff,

     

    Please try applying the iRule below on the PBN LTM /with SNAT and let me know the result.

    rule X-Forwarded-For {
        when HTTP_REQUEST {
            # Append the client address to an existing X-Forwarded-For chain
            if { [HTTP::header exists X-Forwarded-For] } {
                HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]"
            } else {
                # No header yet: start the chain with the client address
                HTTP::header insert X-Forwarded-For [IP::client_addr]
            }
        }
    }

     

  • kunjan

    Jeff, SNAT doesn't modify that, unless you have an HTTP profile with "Insert X-Forwarded-For" enabled or an iRule which does it.

    You can log what is sent out of the BigIP by attaching an iRule to the virtual server:

    when HTTP_REQUEST_SEND {
        clientside {
            foreach x [HTTP::header names] {
                log local0. "Request header($x) = [HTTP::header $x]"
            }
        }
    }
    
  • M_2

    First question: does SNAT alter an existing X-Forwarded-For header?

     

    I have seen a setup like the one below where SNAT was altering the client address.

    Client > L4 LTM (snat2vip) > L7 LTM (XFF configured) > server

    In the above case, until I removed SNAT on the L4, my server was unable to see the client address.

     

    -sam
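
The other half of the original question is whether the application reads the X-Forwarded-For chain correctly once several proxies have appended to it. The following Python is an added example, not code from any poster in this thread or from F5: it resolves the address an IP-based role check should use by walking the chain from the nearest proxy back toward the client. The function names, the proxy ranges and all sample addresses are constructed assumptions.

```python
import ipaddress

# Constructed proxy ranges for the DMZ and PBN tiers (assumptions, not from the thread).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "10.20.0.0/24")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True when addr belongs to one of our own proxy or SNAT ranges."""
    return any(addr in net for net in trusted)


def resolve_client_ip(peer, xff_headers, trusted=TRUSTED_PROXIES):
    """Return the address the role check should use.

    peer        -- TCP source address the application sees (the SNAT address)
    xff_headers -- every X-Forwarded-For header value, in the order received
    """
    current = ipaddress.ip_address(peer)
    # A peer that is not one of our proxies could have written any header
    # it likes, so the header is ignored and the peer address is used.
    if not is_trusted(current, trusted):
        return current
    # Repeated headers are equivalent to one comma-joined list.
    hops = [h.strip() for value in xff_headers for h in value.split(",") if h.strip()]
    # Walk from the entry added by the nearest proxy back toward the client.
    for hop in reversed(hops):
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            # Fail closed: a malformed entry inside the trusted part of the
            # chain means the address cannot be established.
            raise ValueError(f"unparseable X-Forwarded-For entry: {hop!r}") from None
        if not is_trusted(current, trusted):
            # First hop we do not control. Anything further left was
            # supplied by the client and carries no weight.
            return current
    # Every hop was one of ours: the request originated inside.
    return current


if __name__ == "__main__":
    # Constructed request as the application behind the PBN LTM would see it.
    print(resolve_client_ip("10.20.0.9", ["203.0.113.7, 10.10.0.5, 10.10.0.20"]))
```

Run against the headers captured with the logging iRule above, this shows whether the chain reaching the server still contains the original client address.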