For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

kuldeep7985

Nimbostratus

Dec 25, 2024

Status:

Needs Info

Request to forward client IP in X-Forwarded-For header

I don't really think WAF side has passed in real IP in X-Forwarded-For Http header!!

For Example: If I manually add a fake X-Forward-For header, our nginx is able to receive it.

In the picture, it shows a flow:

10.237.37.114 (just passthrough X-Forward-For if any, didn't append the upstream IP) -> 10.237.37.110 (append 10.237.37.114 to X-Forward-For) -> 10.244.9.73 (our nginx)

This pic means our OCI LB and nginx are fine, they respect the passed in X-Forwarded-For, so if WAF passes it then we'll get it.

For the first 10.237.37.114, some questions:

What's this IP?
What's the upstream of this IP?

Kindly find PFA.

ASM WAF

LTM VE

1 Comment

LiefZimmerman
Admin
Dec 29, 2025
Status changed:
New
to
Needs Info
Hey kuldeep7985 - this seems to have evaded my notice for 1 year now! ugh.
Sorry for that.

It looks like it belongs in our Technical Forum?

Or are you asking for a feature change to an F5 Product?

Request to forward client IP in X-Forwarded-For header

1 Comment

Related Content

Extracting X-Forwarded-For in Node.js

X Forwarded For Single Header Insert

X-Forwarded-For Log Filter for Windows Servers

TCP Option 28 X-Forwarded-For Header

IIS X-Forward-For ISAPI Filter

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS