How to see originating IP addresses of connections coming through SWG proxy

book

Article ID: 157788

calendar_today

Updated On:

Products

Web Gateway

Issue/Introduction

There is a need, for example for traffic accounting purposes to see the originating IPs of connections coming through SWG proxy.

Resolution

As of SWG 5.1 this is achieved by the usage of "X-Forwarded-For" header in HTTP protocol. Here is an example of such packet generated by SWG proxy:

GET / HTTP/1.0
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-ie
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 1.1.4322)
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 18 Jan 2013 10:42:17 GMT; length=20746
Host: www.test.com
Via: 1.1 swgin01.test.local (SWG)
X-Forwarded-For: 192.168.0.138
Cache-Control: max-age=259200
Connection: keep-alive

For more info please refer to:

http://en.wikipedia.org/wiki/X-Forwarded-For

 

Note: While some of our customers find this option particularly useful, there is also a bit of concern about security implications. Due to this fact, this option might be disabled by default in later builds. It should be still possible to re-enable this option on demand. We will update this article if/when new information becomes available.