
[MVS] F5 BIG-IP LTM HTTP XFF Header Insertion Configuration Guide

Posted 5 days ago

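Problem Description

[MVS] F5 BIG-IP LTM HTTP XFF Header Insertion Configuration Guide

Solution

When SNAT is configured on an F5 BIG-IP LTM virtual server, the client's real source address is translated to an address configured on the F5 device. As a result, the back-end servers cannot obtain the real client address, and security requirements such as traceability cannot be met. Inserting an X-Forwarded-For field into the HTTP request header restores traceability. The steps are as follows.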

 

Enable the Insert X-Forwarded-For option in the HTTP profile

To configure the BIG-IP system to insert the original client IP address in an X-Forwarded-For HTTP header, perform the following procedure:

  1. Log in to the Configuration utility.
  2. Go to Local Traffic > Profiles.
  3. For Services, select HTTP.
  4. Select Create.
  5. Enter a name for the HTTP profile.
  6. Select the Insert X-Forwarded-For check box.

    Note: Older versions of BIG-IP software may display the option as Insert XForwarded For instead of Insert X-Forwarded-For.

  7. For Insert X-Forwarded-For, select Enabled.
  8. Select Finished.

    You must now associate the new HTTP profile with the virtual server.

The actual result is as follows:

  • Before address translation

  • After SNAT address translation
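
On the back-end side, the inserted header is only useful for traceability if the server takes it from the right place. The following is an added example, not part of the original article or of F5's documentation, showing how a back-end service could pick the address to write to its audit log. It assumes a constructed SNAT range (`10.10.10.0/28`), a hypothetical function name, and that the value inserted by the BIG-IP is the last X-Forwarded-For value the server receives.

```python
import ipaddress

# Assumption: addresses the BIG-IP uses as SNAT source toward the back end.
# Constructed sample range; replace with the SNAT addresses configured on the device.
TRUSTED_SNAT = [ipaddress.ip_network("10.10.10.0/28")]


def client_ip_for_audit(peer_ip, xff_headers, trusted=TRUSTED_SNAT):
    """Return (address, source) for the audit log; source is 'xff' or 'peer'.

    peer_ip     -- source address of the TCP connection as seen by the server
    xff_headers -- every X-Forwarded-For header line, in arrival order
    """
    peer = ipaddress.ip_address(peer_ip)

    # A request that did not arrive from a SNAT address bypassed the BIG-IP,
    # so its X-Forwarded-For content is entirely client-supplied: ignore it.
    if not any(peer in net for net in trusted):
        return str(peer), "peer"

    # A client may send its own X-Forwarded-For values. Flatten all header
    # lines and comma-separated items, keeping the order they arrived in.
    values = [v.strip() for line in xff_headers for v in line.split(",")]
    values = [v for v in values if v]
    if not values:
        return str(peer), "peer"  # Insert X-Forwarded-For not enabled

    # Assumption: the last value is the one the BIG-IP added. Earlier values
    # came from the client or upstream proxies and are not trusted here.
    try:
        return str(ipaddress.ip_address(values[-1])), "xff"
    except ValueError:
        return str(peer), "peer"  # malformed value: log the SNAT address


if __name__ == "__main__":
    # Constructed sample request: client sent a forged value, BIG-IP added the real one.
    print(client_ip_for_audit("10.10.10.5", ["192.0.2.1", "203.0.113.7"]))
```

Logging the returned source alongside the address lets an analyst distinguish entries derived from the header from those that fell back to the connection's source address.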