Forum Discussion

bsb's avatar
bsb
Icon for Nimbostratus rankNimbostratus
Jun 25, 2020

Multiple ip's visible in XFF header, would need only the last ip address

Hi, have enabled XFF header, but could see more than one ip is reflecting in downstream devices.

we can fix it with iRule, but binding iRules in all the virtual servers increases overhead on CPU/Memory,

is there a way to restrict last know public ip being retained in XFF header.

1 Reply

  • Hello Bsb.

    iRules are very efficient, don't worry about performance when you only need to include a XFF header.

    One solution would be:

    when HTTP_REQUEST {
    HTTP::header remove X-Custom-XFF
    HTTP::header insert X-Custom-XFF [IP::remote_addr]
    } 

    Using the HTTP profile, you could try modifying the XFF header name

    See option "XFF Alternative Names".

    REF - https://support.f5.com/csp/article/K40243113

    Regards,

    Dario.