Bug ID 627656: BIG-IP alerts contains proxy IP instead of client IP

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP FPS(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:

Opened: Nov 09, 2016

Severity: 3-Major


BIG-IP alerts contains proxy IP address instead of client IP address.


WebSafe uses wrong IP address (proxy) as 'client IP' in alerts.


1. db var antifraud.uselastxff is disabled. 2. HTTP's 'accept xff' is enabled. 3. Request contains multiple XFF headers.


Use alternate XFF headers in HTTP profile.

Fix Information

xff logic should consider multiple xff headers

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips