Layer7 API Management

Hi All,

Need help on XFF (X-Forwarded-For) setup in F5,if possible could you please provide more details how XFF is setup in F5 even after F5 is acting as SSL passthrough?

Our servers are in DMZ and trying to setup F5 as SSL passthrough and add XFF header from F5 and pass to backend servers to see actual source IP's, but it's breaking connection to servers.

Regards,

Prem.

Hi Prem

If you are using passthrough, then you can't modify the request (ie you can't add a header to the HTTP request), since the F5 does not decrypt the SSL traffic - just "passes" it through - it does not really even know if it is HTTP traffic or not.

SSL Passthrough vs Offloading 

I think this question is continuation of : 

https://communities.ca.com/message/242163540-re-appending-to-the-x-forwarded-for-requesthttp-header?commentID=242163540&… 

But to confirm you can ask the F5 folk on their support forum.

Cheers - Mark

Here would be the link from F5 people discussing the same  : 

https://devcentral.f5.com/questions/x-forwarded-for-with-ssl-passthrough-no-offloading-on-ltm 

(basic answer is : "computer says no" - but they discuss some options - I don't have login, so don't seem to be able to see all their discussion) 

Cheers - Mark

Hi Mark,

Thanks for providing me above details.

Regards,

Prem.