Using X-Forward-For to forward origin ip and username

Question

Using X-Forward-For to forward origin ip and username
Hello All,
Hoping the F5 (fam) community can help me out on this. We have user accounts getting compromised through our password manager and we'd like to use our SIEM to notify us of these events. Can someone please help me with this iRule so that it will pass on the origin ip address and the username?&nbsp;
when HTTP_REQUEST {
HTTP::header insert X-Forwarded-For [IP::remote_addr]
}&nbsp;
Trying to figure out what I need to add for username and where it needs to go. &nbsp;
Many Thanks!!!
Ron&nbsp;

p_k · Answer

what type of authentication you are using? does user type the credentials or is it clientless mode?&nbsp;

stanislas_piro2 · Answer

Hi,
X-Forwarded-For is a header to insert only IP address (there is no Standard about this header, so you can put whatever you wan in the header, but ...) so I added a new header.
Do you use APM?
If Yes, you can forward the username with the irule:
when HTTP_REQUEST { 
    HTTP::header insert X-Forwarded-For [IP::remote_addr] 
    HTTP::header insert Username [ACCESS::session data get session.logon.last.username] 
}

you can also do it with Per-request policy instead of irule.

ronmexico_79057 · Answer

LDAP Authentication to an IIS web front end. &nbsp;

Forum Discussion

Using X-Forward-For to forward origin ip and username

3 Replies

Recent Discussions

snmp automatic stop mail send

BIG-IP DNS iRule issue with static variable

Using okta as SSO to login F5 GUI

(How) can I get two client certificates in one APM session?

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Related Content

TCP Option 28 X-Forwarded-For Header

X-Forwarded-For on L4 VS

Extracting X-Forwarded-For in Node.js

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers