How to disable the XFF header for a specific website when the Cloud SWG policy is managed from the Management Center.

search cancel

How to disable the XFF header for a specific website when the Cloud SWG policy is managed from the Management Center.

book

Article ID: 239275

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Based on the Cloud SWG portal configurations, the Cloud SWG proxy would add either the Original Source IP or an Anonymous IPv6 address as the X-Forwarded-For (XFF) header value to all outbound web requests.

Some website access might break due to this additional HTTP header injected by Cloud SWG.

Environment

Cloud SWG (WSS - Web Security Service)

Resolution

The X-Forwarded-For (XFF) header can be disabled from the Management Center policy (UPE). The following CPL policy can be used for removing the X-Forwarded-For (XFF) header.

#if enforcement=wss

define action delete_xff
delete(request.header.X-Forwarded-For)
end

define condition remove_XFF
url.domain=example.com
end

<proxy>
condition="remove_XFF" action.delete_xff(yes)

#endif

Note: Replace example.com with the domain that you want the XFF to be deleted.

Feedback

thumb_up Yes

thumb_down No