What Happened?
What should I do if I want to exclude a specific source IP from CSRF?
Environment
- F5® Distributed Cloud (XC) HTTP Load Balancer
Resolution/Answer
On a Route, add a header match on x-envoy-external-address with the IP address as its value, and turn off CSRF on that Route.
Cause
XC adds the X-Envoy-External-Address header before the request reaches the route, so a header match on it can be used to skip CSRF processing for a specific IP. For what X-Envoy-External-Address means, refer to the article "Configure HTTP Header Processing | F5 Distributed Cloud Technical Knowledge".