using XFF and https

Question

Was wondering when using the X-Forwarded-For header on https if I need to terminate the entire SSL session on the LTM via a client-ssl profile or can I just use store a copy of the key decrypt the traffic? 
&nbsp;  
&nbsp; Any thoughs are appreciated. 
&nbsp;  
&nbsp;

hooleylist · Answer

If you want to inspect or modify the HTTP headers or data, you'd need to decrypt the traffic on LTM using the SSL key configured in a client SSL profile. If the LTM to server connection needs to be encrypted, you could use a server SSL profile to re-encrypt the traffic. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

using XFF and https

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Related Content

Limiting HTTP/HTTPS GET and POST Flood Attacks using an iRule

Remove additional IP from XFF HTTP Header

HTTP Health Monitor Failure Behavior

iRule HTTPS to HTTPS redirection

Replace HTTPS://xxxx.xxxx.com with HTTP://xxxx.xxxx.com