Problem Insert Clien IP in HTTP Header

We have configured a HTTP Template for insert client IP in the Http Header, in the SLB VS configuration we have two apache server.

The HTTP working properly in the Apache1 but Apache2 recived the HTTP Header with two X-Forwarded-For  (IP Client and IP NAT)


This is the configuration:

A10PRO1-NEW-Active-vMaster[1/1][DMZ]#$ slb virtual-server ESSUPRWEB-VIP
slb virtual-server ESSUPRWEB-VIP 172.16.183.1
  description ESSUPRWEB-VIP Virtual Server
  port 443 https
     name _172.16.183.1_HTTPS_443
     source-nat pool NATCLIENTE_DMZ
     service-group ESSUPRWEB_HTTPS
     template http HTTP-POLICY
     template client-ssl test-disa-cliente
     template server-ssl test-disa-server
     aflex aflex_CLIENT_ACCEPTED
     aflex aflex_Apache_PRO
  port 80 http
     name _172.16.183.1_HTTP_80
     template http HTTP-POLICY
     aflex HTTP_Redirect
!

A10PRO1-NEW-Active-vMaster[1/1][DMZ]#show slb template http
slb template http HTTP-POLICY
  insert-client-ip X-Forwarded-For replace

A10PRO1-NEW-Active-vMaster[1/1][DMZ]#showrunning-configslbservice-group
slbservice-groupESSUPRWEB_HTTPtcp
   extended-stats
   memberESSUPRWEB01:80
   memberESSUPRWEB02:80
!
slbservice-groupESSUPRWEB_HTTPStcp
   extended-stats
   memberESSUPRWEB01:443
   memberESSUPRWEB02:443



Apache2# /usr/sbin/tcpdump -i ens224 -A -s 10240 '(((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | egrep --line-buffered "^........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g' | grep X-Forwarded-For

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens224, link-type EN10MB (Ethernet), capture size 10240 bytes
X-Forwarded-For: IPclient, SNat Load Balancer
X-Forwarded-For: 195.76.147.141, 172.16.183.115
X-Forwarded-For: 195.76.147.141, 172.16.183.115

Can u help me please

Thx

Comments

  • mdunnmdunn Member, A10ers ✭✭✭

    Hello - That is strange behavior, especially for only one server within the service-group. Can you also provide the aflex scripts? Perhaps one of those is influencing this.

  • The Aflex aflex_Apache_PRO is for match domain name url and redirect directory for the apache


    The aflex aflex_CLIENT_ACCEPTED


Sign In or Register to comment.