Robert_Luechte2
Aug 26, 2019

Setting serverside IP address to value received in x-forwarded-for header

I have an interesting situation involving SNAT, and haven't been able to find any existing answers.

There is a website that goes to a third party location first. After their processing, the third party sends the request to us having SNAT'd the source IP address. The original IP address is included in an x-forwarded-for header.

The backend server on this application currently wants to see the original client IP address. I would like to find a way to pull the IP out of the x-forwarded-for header and use that as the client IP on the serverside connection.

Anyone know of a way to do this? Is the serverside [IP::client_addr] modifiable?

Thanks in advance for any help.

3 Replies

  • I am providing this iRule as an example - however I'm not 100% sure if it works.

    Firstly, you need to be confident that return traffic will be directed to the F5 as the only option to change the client IP address is to SNAT the source IP. i.e. your back end servers need to have F5 as the default gateway.

    F5 should un-NAT the address for return flows but I've never done this with an IP address that isn't in the same range as a self IP on the device.

    when HTTP_REQUEST {
        # If the request carries X-Forwarded-For, use its value as the
        # server-side source address
        if {[HTTP::header exists "X-Forwarded-For"]} {
            snat [HTTP::header value "X-Forwarded-For"]
        }
    }
  • Lee,

    Thanks for the reply. This is one of those times where you go, Doh, SNAT! Why didn't I think of that?

    I appreciate the response, and this is working great.

    Also, you are correct that this only works if the F5 is the default gateway.

    Thanks again,

    Robert

    • Lee_Sutcliffe

      Nice one Robert, happy to help. Pleased it's working for you :)
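
Added example, not part of the thread or the posters' code: a variant of the iRule from the first reply that honours X-Forwarded-For only when the connection arrives from the third party, since the header is otherwise client-controlled, and validates the value before passing it to `snat`. The data group name `trusted_proxy_snat`, the choice of the last header entry, and the IPv4-only handling are assumptions.

```tcl
# Added example, not from the thread. Assumptions are marked ASSUMPTION.
when HTTP_REQUEST {
    # ASSUMPTION: trusted_proxy_snat is an address-type data group
    # (hypothetical name) holding the third party's SNAT source addresses.
    if { ![class match [IP::client_addr] equals trusted_proxy_snat] } {
        # Not from the third party: the header is client-controlled, so
        # leave the server-side source address alone.
        return
    }
    if { ![HTTP::header exists "X-Forwarded-For"] } { return }

    # The header can be repeated or carry a comma-separated chain.
    # ASSUMPTION: the third party appends the address it saw, so the last
    # entry is the one it vouches for; earlier entries are unverified.
    set chain [split [join [HTTP::header values "X-Forwarded-For"] ","] ","]
    set candidate [string trim [lindex $chain end]]

    # Accept only a dotted-quad IPv4 address (IPv6 is not handled here).
    # scan returns 4 only when four integers match with nothing trailing.
    set ok 0
    if { [scan $candidate {%d.%d.%d.%d%s} a b c d rest] == 4 } {
        set ok 1
        foreach octet [list $a $b $c $d] {
            if { $octet < 0 || $octet > 255 } { set ok 0 }
        }
    }

    if { $ok } {
        # Rebuild the address from the parsed octets rather than reusing
        # the raw header text.
        snat "$a.$b.$c.$d"
    } else {
        # The raw value is deliberately not logged, to keep header content
        # out of the log line.
        log local0.warning "Rejected X-Forwarded-For value from [IP::client_addr]"
    }
}
```

As noted in the first reply, return traffic still has to route back through the F5 for this to work.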