Users are unable to access the Symantec.cloud portal when going through a proxy server after enabling IP restrictions under Access Control.
Symantec.cloud Management Portal
You are not authorized to log in from your current location. Please contact your adminsitrator.
This is due to the http request containing a HTTP_X_FORWARDED_FOR, which means that the traffic was forwaded from one or more IP addresses. This will cause for the Symantec.Cloud Portal authentication servers to see that the last hop is the HTTP_X_FORWARDED_FOR, changing the IP address(es) that the traffic is coming from the IP address(es) added in the portal under Access Control > IP Restrictions.
Where REMOTE_ADDR=18.104.22.168 is the client's IP adddress and HTTP_X_FORWARDED_FOR=10.111.0.111 is the successive proxy that passed the request adding the IP address where it received the request from.
The proxy administratior will need to have the HTTP_X_FORWARDED_FOR statements removed from the HTTP request or apply a proxy bypass for the following domains:
Note: This restriction provides a limited measure of security, as IP addresses could potentially be spoofed. For example, IP-based restricted access cannot detect instances in which the HTTP_FORWARDED_FOR header has been spoofed. We recommend that you set up two factor authentication in conjunction with IP restrictions for a comprehensive approach to access control.
Subscribing will provide email updates when this Article is updated. Login is required.