Forum Discussion
Brad_Parker_139
Nacreous
Absolutely. In your HTTP profile, make sure Accept XFF is not check. Are you adding X-Forwarded-For via iRule or your HTTP profile?
Brad_Parker_139
Mar 16, 2016Nacreous
So in your HTTP profile you are right you should enable X-Forwarded-For since you are using SNAT, but you don't want to accept an X-Forwarded-For from someone else. That's what that check box for "Accept XFF" is for. It prevents the forged header from being excepted.