Forum Discussion
Kevin_Stewart
Jul 21, 2014Employee
It's definitely safe to say that the XFF header should hold the client's true source. What happens if you log it?
when HTTP_REQUEST {
log local0. "client IP is [IP::client_addr]"
HTTP::header replace X-Forwarded-For [IP::client_addr]
}
Any chance that you're logging configuration is not correctly picking up the XFF header? Can you do a tcpdump server side capture to see exactly what is coming from the BIG-IP?