NimbostratusHello
When my VS is invoked from Cloudflare, the header contains two ip addresses. I have identified that the first ip address of the header corresponds to the user that connects and the second ip address correspond to Cloudflare
¿Is it possible to insert only the ip address of the connecting user and remove the ip address from Cloudflare?
MVPHi satyr,
Cloudflare has another header you could use, see the article for True-Client-IP header:
Understanding the True-Client-IP Header
Enable this header and try to update your iRule like this:
when HTTP_REQUEST {
HTTP::header insert X-Forwarded-For [HTTP::header value "True-Client-IP"]
}Let us know if this has solved your issue.
KR
Daniel
MVPDoes your application traffic flow is like given below ? -
Client --> CloudFlare --> F5 vServer --> Backend servers
If yes, then xff settings enabled under http profile mapped on the vServer is adding CF IP in the header. The original client IP in the header is added by CF itself. In this case, disabling xff settings under F5 http profile should help you. But this change/setting will be applicable for all the application urls which are on that vServer.
NimbostratusHello Mayur
Thanks for read my question.
In this moment the traffic flow is: Cloudflare-->F5 Virtual Server-->Backen Servers
NimbostratusHello Daniel
In this moment the traffic flow is: Cloudflare-->F5 Virtual Server--> Backend Servers
In the backend servers (httpd.conf archive), I have the following line to capture the remote ip address
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
SetEnvIf X-Forwarded-For "^.\..\..\.." forwarded
MVPHallo Satyr,
you should add a log statement to the iRule or do a tcpdump in order to monitor whether the True-Client-IP Header contains two IP addresses or if the second IP is added by something else to the XFF header.
KR
Daniel