Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP FPS
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: Nov 09, 2016 Severity: 3-Major
BIG-IP alerts contains proxy IP address instead of client IP address.
WebSafe uses wrong IP address (proxy) as 'client IP' in alerts.
1. db var antifraud.uselastxff is disabled. 2. HTTP's 'accept xff' is enabled. 3. Request contains multiple XFF headers.
Use alternate XFF headers in HTTP profile.
xff logic should consider multiple xff headers