Forum Discussion

eroach5
Sep 14, 2015

Preserve actual source IP address in header even when traffic from client traverses a proxy.

Hello,

Here is a simple flow:

client >> proxy >> F5 VIP - I am using an X_forward HTTP profile and an iRule of:

when HTTP_REQUEST {
    HTTP::header insert X-Forwarded-For [IP::remote_addr]
}

 

The issue is that in Wireshark captures I see the IP address of the proxy as the source. The proxy is a Websense gateway.

The customer is adamant that they need to see the true actual source host's IP address.

Any assistance would be appreciated.

et

 

1 Reply

  • It all depends on what you are able to influence.

    1) If you could, the proxy might be able to keep the actual client IP. If it can't do that, you are out of luck on getting the packets to keep the actual client IP; there is nothing the BIG-IP can do if it doesn't receive that IP on the packet level.

    2) But the proxy might also insert an X-Forwarded-For header or use a different header for this. If it does use the same header you can keep that value, so don't touch it with an iRule / HTTP profile and the server can use that. If the proxy uses another header you can take that value and put it in the X-Forwarded-For header.

    If that isn't possible either then you are kinda out of options.
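
Option 2 from the reply written out as an iRule. This is an added example, not code from the thread. The proxy address 192.0.2.10 and the header name X-Client-IP are placeholders, and the HTTP profile's own X-Forwarded-For insertion is assumed to be disabled so that only this rule writes the header.

```tcl
# Added example. Assumed values, replace with your own:
#   192.0.2.10   address of the upstream proxy (placeholder, documentation range)
#   X-Client-IP  hypothetical header the proxy uses when it does not send X-Forwarded-For
when HTTP_REQUEST {
    if { [IP::addr [IP::remote_addr] equals 192.0.2.10] } {
        # Connection comes from the known proxy, so its headers can be believed.
        if { [HTTP::header exists "X-Forwarded-For"] } {
            # Proxy already supplied the client address: leave it untouched.
            return
        }
        if { [HTTP::header exists "X-Client-IP"] } {
            # Proxy uses a different header: copy its value into X-Forwarded-For.
            HTTP::header insert "X-Forwarded-For" [HTTP::header value "X-Client-IP"]
            return
        }
    } else {
        # Not the proxy: any client-address header here was set by the sender
        # itself and must not reach the server as if it were trustworthy.
        HTTP::header remove "X-Forwarded-For"
        HTTP::header remove "X-Client-IP"
    }
    # No usable header: fall back to the address seen on the connection.
    HTTP::header insert "X-Forwarded-For" [IP::remote_addr]
}
```

The packet-level source address in a capture taken behind the proxy stays the proxy's address either way; only the header carries the original client address.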