Reflect client IP does not work as expected under 'Proxy' layer.

book

Article ID: 171743

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

There is a reflect client IP policy created under the 'Proxy' layer.
It works for HTTP sites but not for HTTPS sites.

There is no error message but user will notice that the reflect client IP policy does not take effect when browsing HTTPS sites.

Cause

This is an expected behaviour or by design.

Example of policy:

<Proxy>
reflect_ip(10.10.10.10)


This is a behavioral trait specific to the SSL Forward Proxy only. When the SSL proxy makes a connection to the server, it does not evaluate the <proxy> layer. So you will see this behavior. Please note that this is specific to the SSL Proxy only and does NOT apply to our HTTPS Reverse proxy or any other application proxy.

Resolution

The solution is to use the 'Forward' layer.

Example of a policy:

<Forward>
reflect_ip(10.10.10.10)

When the SSL proxy makes a connection to the server, it does not evaluate the <Proxy> layer but the <Forward> layer is evaluated.