Due to the fact that the F5 Big-IP make use of SNAT to load balance traffic, your back-end node will see the traffic coming from the IP of the load balancer and not the true client.
To overcome this (for web traffic at least), the F5 injects the X-Forwarded-For header in to HTTP steams with the true clients IP.
In apache you may want to log this IP instead of the remote host if it has been set. Using the SetEnvIf, we can produce a suitable LogFormat line based on if the X-Forwarded-For header is set or not:
CustomLog "/path/o/log/dir/example.com_access.log" combined env=!forwarded
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "/path/to/log/dir/example.com_access.log" proxy env=forwarded
The above assumes that the “combined” LogFormat has already been defined.
If you use the ::apache::vhost puppet class from the puppetlabs/apache module, you can achieve the same result with the following parameters:
::apache::vhost { 'example.com':
logroot => "/path/to/log/dir/",
access_log_env_var => "!forwarded",
custom_fragment => "LogFormat \"%{X-Forwarded-For}i %l %u %t \\\"%r\\\" %s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" proxy
SetEnvIf X-Forwarded-For \"^.*\..*\..*\..*\" forwarded
CustomLog \"/path/to/log/dir/${title}_access.log\" proxy env=forwarded"
}
There’s also mod_remoteip (http://httpd.apache.org/docs/2.4/mod/mod_remoteip.html) which does this and might be simpler, but I’ve not tried it yet myself. Have plans to use the F5s but haven’t done so yet… (but have several items which will become much simpler if I do!)