Enable the x-forwarded-for header in the VPM

book

Article ID: 168647

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

You want to enable the HTTP header, x-forwarded-for, for only specific users/IPs or specific websites.

Cause

The x-forwarded-for HTTP header can be added to all traffic that traverses a ProxySG appliance globally by running the following from the CLI:

ProxySG>enable
Enable Password:
ProxySG#config t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)http add-header x-forwarded-for
  ok
ProxySG#(config)exit


However, sometimes you may just need the header enabled for specific sites or specific users.

 

Resolution


You can add the x-forwarded-for HTTP header via policy by using the specific triggers (source, destination address, etc). The below example provides the steps to configure an action object via the Visual Policy Manager, (VPM):

  1. In a Web Access Layer, create a new rule.
  2. Set the source and/or destination for this new rule to specify the objects that you wish to trigger this rule.
  3. Right-click the Action column in the new rule, click Set, NewControl Request Header
  4. In the header name field, type x-forwarded-for
  5. Set the value to $(client.address)
  6. Click Ok.


Note:  This will append an x-forwarded-for header containing the client's original IP address, but only to HTTP requests that match the source and/or destination of the rule you created.