How do I enable the HTTP X-Forwarded-For header on a ProxySG?

book

Article ID: 166079

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

How do I enable the HTTP X-Forwarded-For header on a ProxySG?
How do I disable the HTTP X-Forwarded-For header on a ProxySG?
My web based application needs the source IP address of my workstation
But the IP address of my ProxySG is showing up instead of my workstation's IP address
Is there a way for the ProxySG's IP address to show up, but for my client workstation's IP address to also show up?
My NetCache appliance shows the workstation's IP address.  How do I make that happen on my ProxySG?

Resolution

Use the "X-Forwarded-For" command from the command line interface (CLI) in order to pass on the workstation's IP address, but the source IP address of the packet will contain the IP address of the ProxySG.  To enable the X-Forwarded-For http header, login to the CLI and do the following commands:

ProxySG>enable
Enable Password:
ProxySG#config t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)http add-header x-forwarded-for
  ok
ProxySG#(config)exit
ProxySG#

Please note: in order to add the X-Forwarder-For header to HTTPS traffic, traffic must be SSL decrypted.

To disable or turn off the x-forwarded-for header, please do the following command from the CLI:

ProxySG>enable
Enable Password:
ProxySG#config t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)http no add-header x-forwarded-for
  ok
ProxySG#(config)exit
ProxySG#

For more information regarding the X-Forwarded-For header, please see the Configuration and Management Guide (CMG).