Forum Discussion

Wasfi_Bounni
May 06, 2021

What does the BIG-IP LTM do when it can not insert an X-Forwarded-For

Hi;

 

I have an F5 virtual server listening on port 8080 and load balancing two forward explicit proxies. I want the F5 to add an XFF header as I am using SNAT auto map.

 

The F5 is only load balancing and when the explicit proxy traffic is clear text http, I know the F5 adds the XFF without any issues. Also, when there is a request with a "Connect" http method, the F5 adds the XFF too.

 

My question is what happens when the http datagram destined to port 8080 has a TLS payload, like a "client hello" for example. I know that the F5 in this case will not insert the XFF header. However, I am more interested in what the F5 will do to this datagram. Does it drop it, or pass it without the XFF?

 

 

Kindly

Wasfi

  • Hi Wasfi,

     

    When using LTM without the required licenses like SSLO or SWG to intercept SSL traffic via the Explicit Forward Proxy, it will just pass the SSL traffic without changing the payload.

     

    Kind regards,

     

    --Niels
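
The behaviour described in this thread, as an added Python example that is not from either poster and is not BIG-IP code: a simplified model of a load balancer that inserts X-Forwarded-For into parseable HTTP request heads (including CONNECT) and passes TLS records through unchanged. The function names, the client address 10.0.0.5 and the sample bytes are constructed for illustration.

```python
# Simplified model of the behaviour described in the thread; not BIG-IP code.
METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}

def classify(payload: bytes) -> str:
    """Label a client payload as 'tls', 'http' or 'opaque' from its first bytes."""
    # A TLS record starts with a content type (0x16 = handshake) and major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in METHODS and parts[2].startswith(b"HTTP/1."):
        return "http"
    return "opaque"

def insert_xff(payload: bytes, client_ip: str) -> bytes:
    """Append an X-Forwarded-For header to a complete HTTP request head."""
    head, sep, rest = payload.partition(b"\r\n\r\n")
    if not sep:  # header block incomplete: leave untouched
        return payload
    return head + b"\r\nX-Forwarded-For: " + client_ip.encode("ascii") + sep + rest

def relay(segments, client_ip):
    """Return (kind, forwarded_bytes) for each client segment on one connection."""
    out = []
    for seg in segments:
        kind = classify(seg)
        # Only parseable HTTP requests get the header; everything else passes as-is.
        out.append((kind, insert_xff(seg, client_ip) if kind == "http" else seg))
    return out

# Constructed sample traffic: a CONNECT request, the first bytes of a TLS
# ClientHello record sent through the tunnel (truncated), and a cleartext GET.
CONNECT = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
CLIENT_HELLO = bytes.fromhex("160301000a0100000603030000")
CLEARTEXT = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for kind, data in relay([CONNECT, CLIENT_HELLO, CLEARTEXT], "10.0.0.5"):
        print(kind, data[:60])
```

In this model the upstream proxy sees the client address only in the CONNECT or cleartext request head; the tunnelled TLS records carry no header, so any per-client logging for HTTPS has to key on the CONNECT request.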
