Bug ID 627656: BIG-IP alerts contains proxy IP instead of client IP

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Nov 09, 2016
Severity: 3-Major

Symptoms

BIG-IP alerts contains proxy IP address instead of client IP address.

Impact

WebSafe uses wrong IP address (proxy) as 'client IP' in alerts.

Conditions

1. db var antifraud.uselastxff is disabled. 2. HTTP's 'accept xff' is enabled. 3. Request contains multiple XFF headers.

Workaround

Use alternate XFF headers in HTTP profile.

Fix Information

xff logic should consider multiple xff headers

Behavior Change