How to see the actual IP when coming from F5 APM module to ASM

Question

Hi&nbsp;
I am applying ASM to an application which users are using via external F5 APM. When i look at the event logs, the source IP is the F5 external Interface IP . Is there a way to see the actual source IP ?&nbsp;

youssef1 · Answer

Hi,&nbsp;
Yes, on your APM you have to enable XFF on your HTTP profile in order to send USER IP to ASM.&nbsp;
Then in ASM, you can configured it to trust the XFF header send by APM. Then the system identifies the location using the address from the XFF header instead of the source IP address.&nbsp;
All is indicate in this article (step by step), quick and simple:&nbsp;
In your Security Policy, Security &gt; Application Security &gt; Policy &gt; Policy Properties adjust the view from Basic to AdvancedCheck the box next to Trust XFF Header (Navigate to Security -&gt; Application Security -&gt; Policy -&gt; Policy Properties.
https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-7-geolocation&nbsp;
Let me now if you need more details.&nbsp;
regards&nbsp;

Forum Discussion

How to see the actual IP when coming from F5 APM module to ASM

1 Reply

Recent Discussions

Failed to convert character dclid=%EDclid!

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

APM OCSP Responder Issues

Related Content

SkyNet Is Coming For Email First... Thankfully!

Ansible module to update BIG-IP root/admin passwords

Hardware Security Modules

Ansible - Running bash commands with bigip_command module - How it's done

Revolutionize F5 BIG-IP Deployment Automation with HashiCorp’s No-Code Ready Terraform Modules