We have configured a HTTP Template for insert client IP in the Http Header, in the SLB VS configuration we have two apache server.
The HTTP working properly in the Apache1 but Apache2 recived the HTTP Header with two X-Forwarded-For (IP Client and IP NAT)
This is the configuration:
A10PRO1-NEW-Active-vMaster[1/1][DMZ]#$ slb virtual-server ESSUPRWEB-VIP
slb virtual-server ESSUPRWEB-VIP 172.16.183.1
description ESSUPRWEB-VIP Virtual Server
port 443 https
name _172.16.183.1_HTTPS_443
source-nat pool NATCLIENTE_DMZ
service-group ESSUPRWEB_HTTPS
template http HTTP-POLICY
template client-ssl test-disa-cliente
template server-ssl test-disa-server
aflex aflex_CLIENT_ACCEPTED
aflex aflex_Apache_PRO
port 80 http
name _172.16.183.1_HTTP_80
template http HTTP-POLICY
aflex HTTP_Redirect
!
A10PRO1-NEW-Active-vMaster[1/1][DMZ]#show slb template http
slb template http HTTP-POLICY
insert-client-ip X-Forwarded-For replace
A10PRO1-NEW-Active-vMaster[1/1][DMZ]#showrunning-configslbservice-group
slbservice-groupESSUPRWEB_HTTPtcp
extended-stats
memberESSUPRWEB01:80
memberESSUPRWEB02:80
!
slbservice-groupESSUPRWEB_HTTPStcp
extended-stats
memberESSUPRWEB01:443
memberESSUPRWEB02:443
Apache2# /usr/sbin/tcpdump -i ens224 -A -s 10240 ‘(((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)’ | egrep --line-buffered "^…(GET |HTTP/|POST |HEAD )|[1]+: " | sed -r ‘s/^…(GET |HTTP/|POST |HEAD )/\n\1/g’ | grep X-Forwarded-For
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens224, link-type EN10MB (Ethernet), capture size 10240 bytes
X-Forwarded-For: IPclient, SNat Load Balancer
X-Forwarded-For: 195.76.147.141, 172.16.183.115
X-Forwarded-For: 195.76.147.141, 172.16.183.115
Can u help me please
Thx
A-Za-z0-9- ↩︎
