malookyi
Feb 07, 2023Nimbostratus
Solved
Change original source IP to random in ASM logs
Hello experts, On youtube I have find this video BIG-IP AWAF Demo 38 - Use IP Geolocation Enforcement w/ F5 BIG-IP Advanced WAF (formerly ASM) - YouTube and in this video speaker show that she ha...
- Feb 07, 2023
Hi,
The ASM can also look into the x-forwarded-for header to determine the original client IP, for that you need to tell your security policy to trust the xff header. Then you can inject the header whether from the client side using fiddler for example. Or you can inject it locally using this iRule:
when HTTP_REQUEST { HTTP::header replace X-Forwarded-For "[expr (int(rand()*221)+1)].[expr int(rand()*254)].[expr int(rand()*254)].[expr int(rand()*254)]" }
This article describes the procedure for an old ASM version :
https://f5-agility-labs-waf.readthedocs.io/en/latest/class3/module1/lab1/lab1.html