Follow

Q&A: Is it Possible to Configure/Forward Only the Last Client IP in the X-Forwarded-For (XFF) Header?

Question

  • Is it Possible to Configure/Forward Only the last client IP in the X-Forwarded-For (XFF) Header? 

Environment

Relevant Customer environmental factors, such as:

  • Silverline WAF/DDoS
  • Proxy
  • iRule 

Answer

Yes, the requested configuration can be achieved via an iRule

when HTTP_REQUEST priority 340 {
   HTTP::header remove "X-Forwarded-For"
   HTTP::header replace X-Forwarded-For [call ag_info0::http_client_ip]
}
  • Please reach out to the SOC and inform them that you/your team would like to implement the iRule stated in this article
    • Once the iRule is ready to be enabled, under the Proxy Configuration Tab -> Service Type (WAF Proxy, SSL HTTP, and/or HTTP) Tab > iRule
      • Select and turn on the iRule
  • Also, it is worth to take into consideration of turning off "Insert X-Forwarded-For Header" setting under the Proxy Configuration Tab -> Service Type (WAF Proxy, SSL HTTP, and/or HTTP) Tab -> Advanced Tab, as the iRule is already performing this behavior. 

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request