NimbostratusHello, We have an application running on WAS 6.1 behind an F5 3900 LB. What we want to do is, to receive the originating source IP (not the LB virtual IP nor SNAT IP) from this application? We have enabled X-forwarded-For option but we still do not receive the originating source IP.
We would be glad if you can help us configure the F5 to receive the source IP on app side.
Thanks & regards.
CirrostratusCan you provide some detail on what you've done so far and what type of Virtual Server you're using please? You know the XFF option will insert a HTTP header yes?
NimbostratusThe things that we have done: There are 2 WebSphere App servers. 1) We created a LTM pool with 2 servers (port 80) 2) When a request comes from a client, it passes throught the virtual server IP [standard virtual server]. And F5 replaces the source IP with its own IP. 3) We have enabled XFF on F5.
Is there any other configuration that we have to do on WAS server or creating any rule etc. ??
CirrostratusYes. The XFF header has a value that is the original client source IP. You'd need to configure the web servers to use this IP when logging requests or performing any other functions based on the client source IP.
Just to be clear, the client IP is still NATted and the XFF won't change this.
NimbostratusWe do not know how to configure the web servers to use this IP. As we searched from the forums we have to modify httpd.conf file. Is this the file on the web server or httpd.conf file on F5?
CirrostratusYou'd configure that file on the server if you were running Apache but you're not right?
No offence but it doesn't sound like you have the knowledge to fully understand this and what might be done to meet your requirements.
As an alternative, would it be possible to remove the SNAT?