iRule to preserve client IP address?

Question

Our developers want to put an app (AD4J) behind our load balancers.  Our load balancers are single arm'd and we use SNAT automap on the VIP.  The AD4J server needs to see the client source IP for it's function, but is seeing the load balancers' IP instead, as expected.  And unfortunately, we can't have the servers use the load balancer as their gateway to solve this.&nbsp;
&nbsp;I've done a lot of searches, but all point back to using x-forwarded for.  However, that solution, from what I understand applies to logging.  In our case, the AD4J server isn't working with log files.  From what I understand, it gets the client ip address through the TCP connection instead of the http header.&nbsp;
&nbsp;The closest cases I could find to our situation were these:
&nbsp;http://devcentral.f5.com/Default.aspx?tabid=53&amp;view=topic&amp;postid=12195
&nbsp;http://devcentral.f5.com/Default.aspx?tabid=53&amp;forumid=25&amp;postid=20038&amp;view=topic&nbsp;
&nbsp;Appreciate any advice.

the_bhattman · Answer

Hi Jtani,
    I had the same request from my client.  The following is what I did, which are noted in the links you had above
when HTTP_REQUEST {
  HTTP::header insert CLIENT_ADDRESS [IP::client_addr]
}
The application server simply pulled the information out of the header and was able to determine who the client was.

nicolas_menant · Answer

Then it's not going to be possible with an iRules.&nbsp;
&nbsp;You'll need to check in your architecture for workaround like making the BIGIP the default gateway of your servers, etc...

david_homoney · Answer

jtani,&nbsp;
&nbsp;There is nothing iRules can do to fix this problem. The reason is that in a single armed configuration you need to ensure that the return traffic gets back to the client via the same path. To do this we SNAT and that will change the client IP address at OSI Layer 3. The only two options left for you to do would be to change your architecture so that you are in routed mode or too configure using nPath. You can see more about nPath in the following link.&nbsp;&nbsp;Click here

Forum Discussion

iRule to preserve client IP address?

3 Replies

Recent Discussions

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Related Content

APM custom address space by client IP?

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Filtering traffic based on client ip address and URL

HTTP POST redirect preserving POST data

CSV to Address External Datagroup File