Forum Discussion
Morten_Marstran
Nimbostratus
Do you have control of all these devices? If so, is there any reason why you cannot remove the functionality that is inserting an XFF header on the WAF?
That way, you would only have the original client ip in the XFF header.
Morten_Marstran
Jun 13, 2017Nimbostratus
Hi,
You could try this iRule on the backend LTM VIP. I haven't tested it, but it should work, as long as the ip's are split by a ","
when HTTP_REQUEST {
if { [HTTP::header exists "X-Forwarded-For"] } {
set original_ip [getfield [HTTP::header "X-Forwarded-For"] "," 1]
HTTP::header replace "X-Forwarded-For" original_ip
}
}