How to see originating IP addresses of connections coming through SWG proxy


Web Gateway


There is sometimes a need, for example for traffic accounting purposes, to see the originating IP addresses of connections coming through the SWG proxy.


As of SWG 5.1, this is achieved by using the "X-Forwarded-For" header of the HTTP protocol. Here is an example of such a request generated by the SWG proxy:

GET / HTTP/1.0
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/, application/xaml+xml, */*
Accept-Language: en-ie
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 1.1.4322)
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 18 Jan 2013 10:42:17 GMT; length=20746
Via: 1.1 swgin01.test.local (SWG)
Cache-Control: max-age=259200
Connection: keep-alive

Note: While some of our customers find this option particularly useful, there is also some concern about its security implications. For this reason, this option might be disabled by default in later builds. It should still be possible to re-enable it on demand. We will update this article if/when new information becomes available.
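
On the server that does the accounting, X-Forwarded-For is only meaningful when the connection actually arrives from the SWG proxy, because any client can send the header itself. The following Python code is an added example, not code from SWG or from this article: the proxy address 192.0.2.10, the sample request and the function names are constructed, and it assumes the proxy appends the client address it saw as the last entry of the header.

```python
import ipaddress

# Assumption: address(es) of the SWG proxy as seen by the receiving server.
# 192.0.2.10 is a constructed documentation address, not from the article.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]

# Constructed sample request; the first X-Forwarded-For entry stands for a
# value the client sent itself, the last one for the entry added by the proxy.
SAMPLE_REQUEST = (
    "GET / HTTP/1.0\r\n"
    "Via: 1.1 swgin01.test.local (SWG)\r\n"
    "X-Forwarded-For: 203.0.113.7, 10.1.2.3\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)

def is_trusted(addr):
    """True if addr belongs to one of the configured proxy networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)

def forwarded_hops(raw_request):
    """Collect all X-Forwarded-For entries, in order, from a raw request."""
    hops = []
    for line in raw_request.replace("\r\n", "\n").split("\n")[1:]:
        if not line:          # blank line ends the header section
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-forwarded-for":
            hops.extend(h.strip() for h in value.split(","))
    return hops

def originating_ip(peer_addr, raw_request):
    """Address to book the request to, given the TCP peer and the request."""
    client = peer_addr
    if not is_trusted(peer_addr):
        return client         # header came from an arbitrary sender: ignore it
    # Walk right to left: only entries appended by trusted proxies count.
    for hop in reversed(forwarded_hops(raw_request)):
        try:
            client = str(ipaddress.ip_address(hop))
        except ValueError:
            break             # malformed entry: stop at the last valid address
        if not is_trusted(client):
            break
    return client
```

For the sample request, a connection from the proxy is booked to 10.1.2.3, while the same request arriving from any other peer is booked to that peer's own address.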