How to see the actual IP when coming from F5 APM module to ASM

Question

Hi&nbsp;
I am applying ASM to an application which users are using via external F5 APM. When i look at the event logs, the source IP is the F5 external Interface IP . Is there a way to see the actual source IP ?&nbsp;

youssef1 · Answer

Hi,&nbsp;
Yes, on your APM you have to enable XFF on your HTTP profile in order to send USER IP to ASM.&nbsp;
Then in ASM, you can configured it to trust the XFF header send by APM. Then the system identifies the location using the address from the XFF header instead of the source IP address.&nbsp;
All is indicate in this article (step by step), quick and simple:&nbsp;
In your Security Policy, Security &gt; Application Security &gt; Policy &gt; Policy Properties adjust the view from Basic to AdvancedCheck the box next to Trust XFF Header (Navigate to Security -&gt; Application Security -&gt; Policy -&gt; Policy Properties.
https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-7-geolocation&nbsp;
Let me now if you need more details.&nbsp;
regards&nbsp;

Forum Discussion

How to see the actual IP when coming from F5 APM module to ASM

1 Reply

Recent Discussions

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

BWC iRule

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

Related Content

SkyNet Is Coming For Email First... Thankfully!

Ansible module to update BIG-IP root/admin passwords

Hardware Security Modules

Ansible - Running bash commands with bigip_command module - How it's done

as3 Python module