Forum Discussion

Nolan_Jensen_23's avatar
Nolan_Jensen_23
Icon for Nimbostratus rankNimbostratus
Dec 15, 2017

X-forwarded-for getting private client IP address

Hello All,

 

I am trying to figure out why the x-forwarded-for variable is being populated with a private client IP address when the virtual server is accessed from certain clients but others it gets populated with the public IP?

 

I would like the x-forwarded-for variable to always use the public IP address and not the private IP if possible.

 

Testing One of my developers created a variables test page so I can see what IP is being populated in the x-forwarded-for variable. When I launch this page from some machines the x-forwarded-for address will match the public IP address that I get when I google what is my IP and not the private IP address I see when I use ipconfig.

 

We then have a few customers that when they connect to this site the x-fowarded-for variable is populated with the private IP that is assigned to their computer.

 

Configuration

 

  • I have an active/standby HA pair running 12.1.2 HF2
  • This particular configuration was done from http template
  • Plaintext to and from both client and servers
  • Internal server is running IIS with advanced logging enabled
  • Source Address Translation is set to Auto Map
  • http profile has Insert x-forward-for enabled

Thanks for any help or advice you can provide.

 

application delivery
LTM
xforward

1 Reply

Sort By
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Dec 16, 2017

    Http profile insert x-forwarded-for header from source client IP.

     

    If the connection source IP is private, the bigip will insert the private ip.

     

    If some customers request already include this header populated, the http profile won't remove it. The bigip is not able to know the private ip if it is not included in the request before.

     

    I guess your problem is a firewall configuration issue and a not a bigip issue.