Last Modified: Nov 07, 2022
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 12.1.4, 184.108.40.206, 12.1.5, 220.127.116.11, 18.104.22.168, 22.214.171.124, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 126.96.36.199, 188.8.131.52, 184.108.40.206
Opened: May 01, 2017 Severity: 3-Major
When no XFF header exists, the alert server will use the sender IP address as the client IP address. Doing so is incorrect behavior because the sender IP address is always the BIG-IP system's IP address. Even if XFF headers exist, the client IP address as known to the BIG-IP system may be missing in the XFF header.
Alert server/BIG-IQ does not show the actual client IP address.
This occurs under either of the following conditions: -- There is no XFF header in the original request. -- An XFF header exists, but it does not contain the actual client IP address (as seen by the BIG-IP system).
FPS now always appends the client IP address to the end of the last XFF header in the alert request. If there is no XFF header, FPS inserts one.