ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to disable the XFF header for a specific website when the WSS policy is managed from the Management Center.

book

Article ID: 239275

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Based on the WSS portal configurations, the WSS proxy would add either the Original Source IP or an Anonymous IPv6 address as the X-Forwarded-For (XFF) header value to all outbound web requests.

Some website access might break due to this additional HTTP header injected by WSS.

Resolution

The X-Forwarded-For (XFF) header can be disabled from the Management Center policy (UPE). The following CPL policy can be used for removing the X-Forwarded-For (XFF) header.

 

#if enforcement=wss

define action delete_xff
  delete(request.header.X-Forwarded-For)
end

define condition remove_XFF
  url.domain=example.com
end

<proxy>
condition="remove_XFF" action.delete_xff(yes)

#endif

 

Note: Replace example.com with the domain that you want the XFF to be deleted.

Attachments