The "X-Forwarded-For" HTTP header contains the IP of the client that performed a specific HTTP request. This header is used by proxies or other devices to apply policies to HTTP traffic where the IP of the incoming message does not match the source client IP.
In a ProxySG, the X-Forwarded-For HTTP header can be used as a Source condition in the Visual Policy Manager (VPM) to apply policy specific requests. The ProxySG can also add an X-Forwarded-For header as described in article TECH241700 in order to append the client's IP to the proxy's outbound request.
The purpose of this article is to explain how the proxy behaves when we have two proxies in a chain environment and both of them have the X-Forwarded-For header enabled.
In a common proxy chain deployment, there are typically two or more proxies within the topology. For this example we will refer to two proxies, "Proxy 1" (Internal proxy) and "Proxy 2" (External proxy).
Given this scenario, if we enable the "X-Forwarded-For" header feature in both proxies via the Command Line Interface (CLI), the following will occur: