.png){kind=logo}
set_real_ip_from 192.168.1.100; # A10 IP or subnet real_ip_header X-Forwarded-For; real_ip_recursive on;
RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 192.168.1.100 # Your A10's interface IP RemoteIPInternalProxy 10.0.0.0/8 # Or entire trusted subnet a10 x-forwarded-for
While templates are powerful, they lack conditional logic. What if your A10 is chained behind another proxy (like Cloudflare or Akamai)? In that case, the "Client IP" the A10 sees is actually the CDN IP. You might need to trust and pass along the X-Forwarded-For header that arrived at the A10, or insert the A10's own view of the client IP into the chain. set_real_ip_from 192
Compliance frameworks often require tracking of original client IPs for access to sensitive data. XFF, when properly secured, fulfills this requirement. You might need to trust and pass along
This article was written for network architects, DevOps engineers, and security professionals managing A10 Networks ADC appliances in production environments.