Forum Discussion
3 Replies
Hi!
Why not SNAT all traffic then and insert XFF headers which then can enable logging of the clients real IP on the web server?
One thing I can think of is using the LB_FAILED event in conjunction with HSL. Maybe somebody can think of something better though.
From DevCentral's wiki:
The LB_FAILED event is triggered when LTM is ready to send the request to a pool member and one hasn’t been chosen (the system failed to select a pool or a pool member), is unreachable (when no route to the target exists), has reached a queue limit, or is non-responsive (fails to respond to a connection request).
when LB_FAILED {
    # open a High-Speed Logging handle to the syslog pool and send one line per failure
    set hsl [HSL::open -proto UDP -pool syslog-514_pool]
    HSL::send $hsl "LB_Failed triggered for client: [IP::client_addr]\n"
}
This rule would send a message to your syslog server, which you can then configure to alert you.
Kind regards, Patrik
- What_Lies_Bene1Cirrostratus
I don't think that would be useful. The only thing I can think of is an iRule that would be configured to increment a counter for every HTTP_RESPONSE and then write a log message on the CLIENT_CLOSED event if the counter value was 0 (thus there had been no responses seen).
Of course, this could generate false positives for many reasons.
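One way to write the counter idea from the reply above as an iRule, added here as an example that is not part of the thread. It goes one step beyond the reply: it also counts requests, so a client that connects and never sends anything is not flagged, which removes one of the false-positive cases. The server address is captured in LB_SELECTED rather than SERVER_CONNECTED, because with a missing SNAT the server's SYN-ACK goes straight back to the client and SERVER_CONNECTED never fires on the LTM. The log facility and message wording are assumptions.

```tcl
# Added example, not from the thread. Flags TCP connections on which the
# client sent at least one HTTP request but the LTM never saw a response,
# which is what a missing SNAT (server replying directly to the client)
# looks like from the BIG-IP's point of view.
when CLIENT_ACCEPTED {
    set req_count 0
    set rsp_count 0
    set srv "none"
}

when LB_SELECTED {
    # Record the chosen pool member now; SERVER_CONNECTED may never fire
    # if the server's reply bypasses the BIG-IP.
    set srv "[LB::server addr]:[LB::server port]"
}

when HTTP_REQUEST {
    incr req_count
}

when HTTP_RESPONSE {
    incr rsp_count
}

when CLIENT_CLOSED {
    # Only log when there were requests but no responses at all. Facility and
    # level (local0.warn) are assumptions; adjust to your syslog setup.
    if { $req_count > 0 && $rsp_count == 0 } {
        log local0.warn "No HTTP response seen for client [IP::client_addr]:[TCP::client_port] to pool member $srv after $req_count request(s); possible missing SNAT"
    }
}
```

Remaining false positives to expect: a client that sends a request and closes before the server replies, or a backend that is simply down (which the LB_FAILED rule earlier in the thread catches separately), will both be logged by this rule; correlate with pool member health before acting on a single line.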
While we're brainstorming... 🙂
If the clients and servers share the same networks, you can try something like this to prevent forgetting to set the SNAT:

when LB_SELECTED {
    if { [IP::addr [IP::client_addr]/24 equals [LB::server addr]/24] } {
        snat automap
    }
}
/Patrik