IP address of DDOS provider being displayed instead of customer IP in XFF header

Question

We recently implemented DDOS protection before our customer facing F5 and now the IP address being presented to the back-end application is the one for the DDOS provider rather than the customer IP.&nbsp;
The DDOS provider sends an XFF header and we have both the  Insert X-Forwarded-For option enabled in the HTTP profile and the following irule defined:&nbsp;
when HTTP_REQUEST {
HTTP::header insert X-Forwarded-For [IP::remote_addr]
}&nbsp;
As described in K4816.  Do I have to disable the HTTP profile for this to work.&nbsp;
Thanks&nbsp;

youssef1 · Answer

Hello Paul,&nbsp;
What you did is wrong, let me expain.&nbsp;
The irule that you set allow you to insert XFF from F5 (you will send F5 IP to your backend). Example: you want to insert XFF for backend serveur you can use this Irule ou use HTTP profil by checking "Insert XFF".&nbsp;
For me you have to remove this Irule from your VS and uncheck "Insert XFF" from HTTP profil.&nbsp;
Normaly the backend have to received XFF header send by provider, F5 will FW it to the backend..&nbsp;
Regards&nbsp;

Forum Discussion

IP address of DDOS provider being displayed instead of customer IP in XFF header

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

F5 APM as Service Provider (SP) and Microsoft AzureAD as Identity Provider (IDP)

Enable SAML Service Provider on F5 Distributed Cloud Application

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

F5 Terraform providers – Helping to implement Infrastructure as Code

About Bot Defense can't display