Forum Discussion

Santosh_Kumar_2's avatar
Santosh_Kumar_2
Icon for Nimbostratus rankNimbostratus
Apr 06, 2017

Get Source IP for HTTPS traffic

Hi All,

 

I'm aware that XFF is a setting to get the Client IP for HTTP traffic. My server team needs to get the Client IP for HTTPS traffic. We've the client SSL set on the F5. As per my research, I see that many have been talking about the SSL termination. Which means, the F5 will terminate the connection and send the decrypted traffic to the server. But in this way, the server will be getting the F5's IP and not the Source IP.

 

Can anyone help me out on a way to get the original Source IP for HTTPS traffic?

 

Regards Santosh

 

1 Reply

  • Regardless of whether BIGIP accepts unencrypted traffic or off-loads SSL for a server, it can insert X-Forwarded-For for either one. See K4816 for more info. Also note that this KB article clarifies that BIGIP simply appends an XFF header regardless of whether or not one was already present. This may not be a concern in your environment, just something to be aware of.