Akamai returns the client IP in the True-Client-IP header. This can be disabled in the Akamai settings so that Akamai will return the client IP in the HTTP-X-Forwarded-For header, but this will contain multiple IP addresses (Client IP, Proxy 1, Proxy 2, etc.).

I need to retrieve the client IP on the web server (IIS 7.5), behind an F5 load balancer.

What do I need to do in the F5?

Will F5 pass the True-Client-IP header to the web servers directly?

Or should I change the Akamai settings to return the client IP in the HTTP-X-Forwarded-For header instead?

ronanray

2 Answers

Per StackOverflow: I would use X-Forwarded-For because BIG-IP already has provisions to pass this through.

Depending on the version of BIG-IP, you can accomplish this in an iRule or in newer versions, X-Forwarded is a feature to enable within your HTTP profile. Then you just need to configure IIS to accept that new data.

https://devcentral.f5.com/questions/big-ip-http-profile-insert-x-forwarded-for-enabled

This should get you started. If you're pre 11.x TMOS, refer to this discussion:

https://devcentral.f5.com/questions/how-to-setup-x-forwarded-for-http-header-to-preserve-the-original-client-ip-address-for-traffic-translated-by-a-snat--25436

Hope this helps.

Chase
  • When you say "per StackOverflow...", it leads me to assume there was a similar question posted (and hopefully answered) there. Can you link to it for everyone's viewing pleasure? – GregL Oct 21 '15 at 19:30
  • Sorry, forgot to add. – Chase Oct 21 '15 at 19:34
  • Apologies for the double question. I wanted to get opinions from both sys admins and developers on this matter. Since this has been redirected to Stack Overflow, I will follow up on Stack Overflow. – ronanray Oct 22 '15 at 02:59

If the True-Client-IP header for whatever reason is not present or accurate, you might be able to pull the true client IP out of TCP options via an iRule as well. Details here.

Jason Rahm
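The question notes that X-Forwarded-For carries several addresses once it passes through the CDN and the load balancer. The sketch below is an added example, not code from either answer: it shows how an application behind the F5 can pick the client address from that list by walking it right to left and skipping only hops it knows to be its own proxies, so entries a client prepended itself are never used. The function name `client_ip` and the address ranges are assumptions; the ranges are constructed documentation values, not real Akamai or F5 addresses.

```python
import ipaddress

# Constructed placeholder ranges (assumptions): replace with the F5 SNAT pool
# and the CDN edge ranges that are actually allowed to reach the origin.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("10.1.1.0/24",       # F5 SNAT pool (constructed)
                             "198.51.100.0/24")]  # CDN edge range (constructed)


def _parse(token):
    """Return an ip_address object, or None if the token is not a bare IP."""
    try:
        return ipaddress.ip_address(token.strip())
    except ValueError:
        return None


def _trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Resolve the client address from the TCP peer and X-Forwarded-For.

    Each proxy appends the address it received the connection from, so the
    rightmost entries are the ones written by our own infrastructure. The
    first hop (from the right) that is not a known proxy is the client;
    anything further left was supplied by that client and is ignored.
    """
    peer = _parse(peer_addr)
    if peer is None:
        return peer_addr
    if not _trusted(peer):
        # Connection did not come through our proxies: the header is
        # entirely client-controlled, so only the socket address counts.
        return str(peer)
    candidate = peer
    hops = [h for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        ip = _parse(hop)
        if ip is None:
            break              # malformed entry: stop at the last verified hop
        if not _trusted(ip):
            return str(ip)     # first non-proxy hop is the client
        candidate = ip         # known proxy, keep walking left
    return str(candidate)
```

The same right-to-left rule applies whether the resolution is done in application code or in an IIS module; what matters is that the trusted list contains only addresses that can actually connect to the origin.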