Issue / Solution: L7 DDoS Profile or Shape Identifies CDN IP as Client IP instead of the X-Forwarded-For or Custom XFF Header


  • I have a CDN (like Akamai or Cloudflare) in front of Silverline's proxy that has an L7 DDoS/Shape profile enabled
    • The L7 DDoS/Shape profile identifies the source IP as the CDN IP and not the actual client IP address
    • Typical traffic flow
      • Client -> CDN -> F5 Silverline -> Backend Application



  • CDN
    • XFF
    • True-Client-IP
    • Other Alternative Source IP header
  • Silverline Proxy
  • Shape Defense
  • L7 DDoS


  • The "Insert X-Forwarded-For Header" option under the proxy configuration is likely enabled 
    • This option would insert the XFF header with the incoming source IP.



  • Ensure that the correct HTTP header is configured in "Alternative Trusted Source Header"
  • Ensure that the "Insert X-Forwarded-For Header" option is disabled
    • Note: If the CDN is using a custom X-Forwarded-For header such as True-Client-IP, add the header name in the Alternative Trusted Source Header field.
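
The effect of the two settings above, as an added example (a simplified model, not F5 Silverline's code): with XFF insertion on, the header carries the CDN edge IP; with it off and True-Client-IP as the trusted header, the client IP is recovered. The CDN range allowlist, the right-most-entry rule, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), not real CDN addresses.
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
CDN_EDGE = "198.51.100.7"
CLIENT = "203.0.113.45"

def proxy_hop(peer_ip, headers, insert_xff):
    """Simplified model of the proxy: header names lower-cased, XFF optionally inserted."""
    out = {k.lower(): v for k, v in headers.items()}
    if insert_xff:
        # The inserted header carries the incoming source IP, which is the CDN edge.
        out["x-forwarded-for"] = peer_ip
    return out

def client_ip(peer_ip, headers, trusted_header):
    """IP a rate-limit or bot profile should key on for this request."""
    if not any(ipaddress.ip_address(peer_ip) in net for net in CDN_RANGES):
        return peer_ip  # header sent by a non-CDN peer is ignored: it is spoofable
    value = headers.get(trusted_header.lower(), "")
    # Right-most entry is the one appended by the trusted hop itself (assumption).
    candidate = value.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return peer_ip  # missing or malformed header: fall back to the socket peer

def demo():
    # Headers as the CDN would send them to the proxy (constructed).
    from_cdn = {"True-Client-IP": CLIENT, "X-Forwarded-For": CLIENT}
    broken = client_ip(CDN_EDGE, proxy_hop(CDN_EDGE, from_cdn, True), "X-Forwarded-For")
    fixed = client_ip(CDN_EDGE, proxy_hop(CDN_EDGE, from_cdn, False), "True-Client-IP")
    # Same headers sent directly by a host outside the CDN ranges.
    direct = client_ip("192.0.2.99", proxy_hop("192.0.2.99", from_cdn, False), "True-Client-IP")
    return broken, fixed, direct

if __name__ == "__main__":
    print(demo())
```
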

