Loosing Client IP Addresses
We have a new virtual production environment that is using F5s. We have web applications that are load balanced and the traffic comes down an HTTPS line from the client through the firewall to the F5 and onto the web servers. Unfortunately as the traffic goes through the F5s it looses the clinet IP and gets replaced with the IP of the the F5. We have been given a solution from our hardware guys of the following:
SSL termination has to be done on the F5’s, this will allow the F5 to insert the HTTP x-forward header as it cannot read the stream if the SSL is getting terminated on the webserver. The traffic will then go to the web server over HTTP.
I'm not sure if this is the correct forum for this but I just want to know if this is the best solution or should we be doing something else
Thanks.