Forum Discussion
Kevin_Stewart
Feb 05, 2014Employee
The short answer to your original question is no. An XFF header is an HTTP object. The IP address and domain name restrictions option in IIS will only see the client source address in the TCP payload, not an HTTP header. If you need the client source address at the IIS server for the purpose of using this feature, then you must not enable SNAT in the virtual server. SNAT translates the client source to a local source to force return routing. In the absence of SNAT you must ensure that the servers cannot directly route back through the BIG-IP (not around it).