Logging WL-Proxy-Client-IP and X-Forwarded-For to determine Client IP behind F5

In order to determine the client IP that sends requests to a Web Server placed behind an F5 appliance, you can attach this iRule to your virtual server. This iRule logs the requested Client IP address under System > Logs > Local Traffic.

This iRule logs following

  • Client IP address
  • Request URL
  • X-Forwarded-For header value
  • WL-Proxy-Client-IP header value
  • Response Code for Requested URL

—- Code starts

when HTTP_REQUEST {
set LogString “Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]”
log local0. “=============================================”
log local0. “$LogString (request)”
foreach aHeader [HTTP::header names] {
log local0. “$aHeader: [HTTP::header value $aHeader]”
}
log local0. “=============================================”
}
when HTTP_RESPONSE {
log local0. “=============================================”
log local0. “$LogString (response) – status: [HTTP::status]”
foreach aHeader [HTTP::header names] {
log local0. “$aHeader: [HTTP::header value $aHeader]”
}
log local0. “=============================================”
}

—- Code ends

Under System > Logs > Local Traffic, you would see logs similar to one below (sensitive information are hidden)