Environment
- EDR Server: 6.x and Higher
- F5 Reverse Proxy
Objective
How to allow sensor communication to Response through F5 reverse proxy when F5 is configured to send from multiple IP addresses.
Resolution
- Configure F5/EDR using existing documented steps (see Related Content)
- On EDR server (master and minions in case of a cluster), edit /etc/cb/nginx/includes/cb.server.base_body and delete the section below
if ($remote_addr = $reverseproxyip) {
set $client_cert $http_x_client_cert_id;
set $keep_x_real_ip T;
}
- In the same location, add the following text, replacing <IP ADDRESS> with your F5 IP. Duplicate this section for each IP address F5 is configure with.
if ($remote_addr = "<IP ADDRESS>") {
set $client_cert $http_x_client_cert_id;
set $keep_x_real_ip T;
}
- If you have IPv6 configured, preface the IP address with ::ffff:, example: ::ffff:192.168.1.15
Additional Notes
ReverseProxyIP= configuration parameter in /etc/cb/cb.conf will be rendered nonfunctional, and changes to F5 IPs should be reflected in /etc/cb/nginx/includes/cb.server.base_body
Related Content
