"X-Forwarded-For" HTTP Header Behavior in Proxy Chain Environments
Last Updated March 04, 2018
The "X-Forwarded-For" HTTP header contains the IP of the client that performed a specific HTTP request. This header is used by proxies or other devices to apply policies to HTTP traffic where the IP of the incoming message does not match the source client IP.
In a ProxySG, the X-Forwarded-For HTTP header can be used as a Source condition in the Visual Policy Manager (VPM) to apply policy specific requests. The ProxySG can also add an X-Forwarded-For header as described in article TECH241700 in order to append the client's IP to the proxy's outbound request.
The purpose of this article is to explain how the proxy behaves when we have two proxies in a chain environment and both of them have the X-Forwarded-For header enabled.
In a common proxy chain deployment, there are typically two or more proxies within the topology. For this example we will refer to two proxies, "Proxy 1" (Internal proxy) and "Proxy 2" (External proxy).
Given this scenario, if we enable the "X-Forwarded-For" header feature in both proxies via the Command Line Interface (CLI), the following will occur:
Proxy 1 receives an HTTP request and adds the X-Forwarded-For header then sends the HTTP request to Proxy 2.
Proxy 2 will see that it the HTTP request already has this header, so it will leave it as it is, without changing it.
Proxy 2 will then create the outbound HTTP request. This request will contain the X-Forwarded-For header that was added in Proxy 1, unmodified.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.