About X-Forwarded-For HTTP Headers

The X-Forwarded-For (XFF) HTTP header is a de facto standard for identifying the originating IP address of a client connecting to a Web server through an HTTP proxy or load balancer. X-Forwarded-For header are supported by most proxy servers, and IPv6 X-Forward-For headers are supported in IWSVA. The headers can be parsed to access the client’s IPv6 addresses similar to the behavior of IPv4 addresses.

IWSVA also handles three actions for IPv6 access similar to IPv4, including the “Keep X-Forwarded-For header intact" feature, the "Append the IP address where IWSVA receives the request" feature, and the "strip X-Forwarded-For header" feature.

See the following table to learn how the deployment mode affects the use of XFF HTTP headers.

Deployment Mode

Parses XFF

Action: Add

Action: Keep

Action: Remove

Notes

Forward Proxy

Yes

Yes

Yes

Yes

 

Bridge

Yes

N/A

Yes

Yes

This mode is transparent and does not need to add an IP address in the header.

WCCP

Yes

Yes

Yes

Yes

 

Simple Transparency

Yes

Yes

Yes

Yes

 

ICAP

N/A

N/A

N/A

N/A

IWSVA acts as an ICAP server. It does not communicate with the client and server. The IP address is provided by the ICAP client with an X-Client-IP header

Reverse Proxy

N/A

N/A

N/A

N/A

XFF HTTP headers are not supported in this mode.

See also:

Configuring XFF HTTP Headers