Bug ID 627656: BIG-IP alerts contains proxy IP instead of client IP

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:

Opened: Nov 09, 2016
Severity: 3-Major


BIG-IP alerts contains proxy IP address instead of client IP address.


WebSafe uses wrong IP address (proxy) as 'client IP' in alerts.


1. db var antifraud.uselastxff is disabled. 2. HTTP's 'accept xff' is enabled. 3. Request contains multiple XFF headers.


Use alternate XFF headers in HTTP profile.

Fix Information

xff logic should consider multiple xff headers

Behavior Change