Back=right mouse click.
The X-Forwarded-For (XFF) HTTP header is a de facto standard for identifying the originating IP address of a client connecting to a Web server through an HTTP proxy or load balancer. X-Forwarded-For header is supported by most proxy servers.
When IWSVA receives an HTTP request with XFF header, it parses the XFF header to get the original client IP address and use the IP address to do a policy match.
When IWSVA forwards an HTTP request, it takes the action configured by the administrator on the XFF HTTP header.
Note: IWSVA does not support parsing XFF headers for HTTPS traffic.
See the following table to learn how the deployment mode affects the use of XFF HTTP headers.
Deployment Mode
Parses XFF
Action: Add
Action: Keep
Action: Remove
Notes
Forward Proxy
Yes
Bridge
N/A
This mode is transparent and does not need to add an IP address in the header.
WCCP
Simple Transparency
ICAP
IWSVA acts as an ICAP server. It does not communicate with the client and server. The IP address is provided by the ICAP client with an X-Client-IP header
Reverse Proxy
XFF HTTP headers are not supported in this mode.
Configuring XFF HTTP Headers
