Forum Discussion
Abdullah_Okumus
Nimbostratus
So if you want to deny an XFF spoofing attack and see the client IP address at the same time, you have to disable the XFF option on the HTTP profile, and then applying the following iRule will be enough?
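when HTTP_REQUEST {
    foreach x [HTTP::header names] {
        # HTTP header names are case-insensitive, so normalise before comparing
        if { [string tolower $x] equals "x-forwarded-for" } {
            # Drop the client-supplied value and set the connection's source address
            HTTP::header remove X-FORWARDED-FOR
            HTTP::header replace X-FORWARDED-FOR [IP::client_addr]
        }
    }
}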
satish_txt_2254
Mar 17, 2016
Cirrus
Yes! It should work!! Even I have XFF enabled in the HTTP profile.
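
Added example, not part of the thread and not F5 code: a small Python model of proxy-side X-Forwarded-For sanitising. It compares an exact-case name match with a case-insensitive one on a constructed request. The function names, sample headers and addresses are assumptions made for illustration, and the second sanitiser always sets the header, even when the client sent none.

```python
# Model of a proxy-side X-Forwarded-For sanitiser (illustrative, not F5 code).
# Headers are a list of (name, value) pairs, in the order they arrived.

XFF = "x-forwarded-for"


def sanitize_exact(headers, client_addr):
    """Exact-case match: only the spelling 'X-FORWARDED-FOR' is recognised."""
    kept = [(n, v) for n, v in headers if n != "X-FORWARDED-FOR"]
    if len(kept) != len(headers):
        # The header was present in that exact spelling: overwrite it.
        kept.append(("X-FORWARDED-FOR", client_addr))
    return kept


def sanitize(headers, client_addr):
    """Case-insensitive match: drop every client-supplied instance, then set
    one header from the connection's source address."""
    kept = [(n, v) for n, v in headers if n.lower() != XFF]
    kept.append(("X-Forwarded-For", client_addr))
    return kept


def xff_values(headers):
    """Values a backend sees when it reads the header case-insensitively."""
    return [v for n, v in headers if n.lower() == XFF]


# Constructed sample request: mixed-case and repeated XFF headers.
REQUEST = [
    ("Host", "app.example.test"),
    ("X-Forwarded-For", "10.0.0.1"),
    ("x-forwarded-for", "127.0.0.1"),
]
CLIENT = "203.0.113.7"  # constructed source address (documentation range)

if __name__ == "__main__":
    print("exact-case match :", xff_values(sanitize_exact(REQUEST, CLIENT)))
    print("case-insensitive :", xff_values(sanitize(REQUEST, CLIENT)))
```

Running the same constructed request through both functions makes a useful regression check after any change to the rule: the backend should see exactly one value, and it should be the connection's source address.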