Forum Discussion
Do you have control of all these devices? If so, is there any reason why you cannot remove the functionality that is inserting an XFF header on the WAF?
That way, you would only have the original client IP in the XFF header.
- dwillis619_3073 | Jun 12, 2017 | Nimbostratus
The issue with the WAF is that it only has the ability to either have XFF enabled, in which case it adds the 2nd IP, or turned off, and then it does not forward anything.
- Morten_Marstra1 | Jun 13, 2017 | Cirrus
Hi,
You could try this iRule on the backend LTM VIP. I haven't tested it, but it should work, as long as the IPs are split by a ","

    when HTTP_REQUEST {
        if { [HTTP::header exists "X-Forwarded-For"] } {
            set original_ip [getfield [HTTP::header "X-Forwarded-For"] "," 1]
            HTTP::header replace "X-Forwarded-For" original_ip
        }
    }
- dwillis619_3073 | Jun 13, 2017 | Nimbostratus
Great, thanks. I will give that a try.
- dwillis619_3073 | Jun 13, 2017 | Nimbostratus
Unfortunately that did not work. It still has the two IPs in the XFF header after going through the WAF.
- dwillis619_3073 | Jun 13, 2017 | Nimbostratus
And just to confirm the format of how it shows up is "192.168.XX.XX,192.168.XX.XX".
- Morten_Marstra1 | Jun 14, 2017 | Cirrus
Hi,
I just tested it myself now, and got it to work. I had forgotten to type the "$" before original_ip in the iRule above.
Try this:

    when HTTP_REQUEST {
        if { [HTTP::header exists "X-Forwarded-For"] } {
            set original_ip [getfield [HTTP::header "X-Forwarded-For"] "," 1]
            HTTP::header replace "X-Forwarded-For" $original_ip
        }
    }
- dwillis619_3073 | Jun 14, 2017 | Nimbostratus
Thanks. I got it to work with:

    when HTTP_REQUEST {
        HTTP::header insert "X-Forwarded-For" [substr [IP::client_addr] 0 ","]
    }
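
A stricter variant of the first-entry rule discussed in this thread, added here as an example and not posted by any participant: it also handles repeated X-Forwarded-For headers, whitespace after the comma, and a first entry that is not an IP address. It assumes `IP::addr` raises an error on non-address input (the usual validation idiom) and that falling back to the connection's source address is acceptable.

```tcl
# Added example, not from the thread. Assumes entries are separated by ","
# as in the "192.168.XX.XX,192.168.XX.XX" format quoted above.
when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
        # A request can carry several X-Forwarded-For headers; join them
        # so the first entry is taken across all of them.
        set xff [join [HTTP::header values "X-Forwarded-For"] ","]

        # First comma-separated entry, with optional whitespace removed
        # ("a, b" is as common as "a,b").
        set original_ip [string trim [getfield $xff "," 1]]

        # Assumption: IP::addr errors on anything that is not an address,
        # so catch returns non-zero for malformed or empty entries.
        if { [catch { IP::addr $original_ip mask 255.255.255.255 }] } {
            log local0.warning "Bad X-Forwarded-For first entry from [IP::client_addr]"
            set original_ip [IP::client_addr]
        }

        # remove + insert leaves exactly one header with one value.
        HTTP::header remove "X-Forwarded-For"
        HTTP::header insert "X-Forwarded-For" $original_ip
    }
}
```

The first entry is whatever the client or the first proxy sent, so backends should treat it as a logging hint rather than an authenticated address unless the first hop overwrites the header.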