There are websites that return errors indicating that requests cannot be processed when accessing via a proxy that is configured to append an X-Forwarded-For header to outbound HTTP requests.
Some companies have a requirement to identify the originating client IP address for requests that are sent outbound from their proxy. So as a solution, the proxy is configured to append an HTTP X-Forwarded-For header which provides the originating client IP address as the value so that upstream monitoring tools will be able to track this information (see 000010319 for more information). However, some web servers will return an error when receiving a request with an X-Forwarded-For header. One example website is www.tracktracer.com which will return an error when logging into the site with these HTTP headers present in the request.
When the described issue has been identified to be the cause of a problem accessing a website, it can be addressed by setting policy to suppress the X-Forwarded-For header when accessing the specific website through the proxy.
You can do this by creating a rule within the VPM of the ProxySG on a web access layer with a "Control Request Header" action. In that action the settings would appear as shown in the image below:
In the destination field of that rule, you will want to use a Request URL object or a Request URL Category object which lists the website(s) or destination IP addresses in question. Your rule would appear as shown below:
In CPL format, the policy rule would appear as shown below if you were to use it alone in a layer:
condition= X-Forwarded-For_Suppressed_URLs action. Suppress_X-Forwarded_For(yes)
define condition X-Forwarded-For_Suppressed_URLs ; Sites that have problem with 'X-Forwarded-For' header
;--replace this line with a website you're having the issue with (example in red below)--;
define action Suppress_X-Forwarded_For
end action Suppress_X-Forwarded_For
*See the following KB article for instructions on installing CPL in your local policy file 000010101