Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?

ArrayOS ASF 3.0.0.1 supports the function of inserting the client IP address into HTTP requests for the specified HTTP profile. After this function is enabled for an HTTP profile that is applied to a security service, client IP addresses that hit the security service will be forwarded to real services associated with the security service.

Why we require X-Forwarded-For option:

The X-Forwarded-For (XFF) header is a de-facto standard header for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer. When traffic is intercepted between clients and servers, server access logs contain the IP address of the proxy or load balancer only. To see the original IP address of the client, the X-Forwarded-For request header is used.

Please follow below instructions to enable X-Forwarded-For option through webui:

Expand “Application Defense” option under security Defense.

Click on “HTTP Profile” and click on “Request Security” option.

Click on “Request Header” under “Request Security” options

Enable the “X-Forwarded-For” option in section “Transferring Client IP to Backend Server”

Selection value as “Header” in Transfer Mode.

Click on Apply Changes and save configuration globally.

We can also define custom header name by mentioning the require header name in “Custom Entity Name” option.

Please follow below instructions to enable X-Forwarded-For option through CLI:

Switch to enable mode with command “enable” and enter into confirm mode with command “conf terminal”

Execute the below command to enable the x-forwarded-for option

#http profile insert request xforwardedfor on "Http_profile_Name" header "X-Forwarded-For"

Note: Please mention the exact http profile name on highlighted section on above command.

Example for enabling the xforwardedfor :

#http profile insert request xforwardedfor on "CLP" header "X-Forwarded-For"

Example for enabling the xforwardedfor with custom header name:

#http profile insert request xforwardedfor on "CLP" header "Client_ip"

How to verify that ASF is forwarding the client ip to Backend server :

To confirm this, we need to take the debug trace log from ASF. If you are using HTTPS real service then you need to decrypt the debug trace for backend real service communication.

In debug trace, click on http request from ASF to real service and check for header name "X-Forwarded-For". The http request should have the header "X-Forwarded-For" with client ip.

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
<a href="http://www.gezc1wfo39q32r0t0z8535yt4e56r82vs.org/">arbjfsjryqc</a>
rbjf sjryqc http://www.gezc1wfo39q32r0t0z8535yt4e56r82vs.org/
/> urbjfsjryqc

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
<a href="http://www.g1ccmw6pl42m5886fa434jixzpg55299s.org/">aiirfbniir</a>
iirfb niir http://www.g1ccmw6pl42m5886fa434jixzpg55299s.org/
/> uiirfbniir

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
kwkhnxefo http://www.gj696z75posewp80un94774s59zs1jd7s.org/
/> <a href="http://www.gj696z75posewp80un94774s59zs1jd7s.org/">akwkhnxefo</a>
[url= ukwkhnxefo]http://www.gj696z75posewp80un94774s59zs1jd7s.org/]ukwkhnxefo

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
ljnvspbvne http://www.gg07kw9x894j41d9p9e2vq579thz2vz8s.org/
/> uljnvspbvne
<a href="http://www.gg07kw9x894j41d9p9e2vq579thz2vz8s.org/">aljnvspbvne</a>

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
<a href="http://www.gkdy5zkr4r0wfs0860j556x595ns179zs.org/">awrfdibcopq</a>
wrfd ibcopq http://www.gkdy5zkr4r0wfs0860j556x595ns179zs.org/
/> uwrfdibcopq

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
bwqzvjvye http://www.gr646ih9er49a5a9p63895dj8q36eqzjs.org/
/> <a href="http://www.gr646ih9er49a5a9p63895dj8q36eqzjs.org/">abwqzvjvye</a>
[url= ubwqzvjvye]http://www.gr646ih9er49a5a9p63895dj8q36eqzjs.org/]ubwqzvjvye

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
<a href="http://www.gi10b026mvud297r8z3ond0vn73t033xs.org/">adjijnipjiy</a>
djij nipjiy http://www.gi10b026mvud297r8z3ond0vn73t033xs.org/
/> udjijnipjiy

I will be happy it all for a second time considerably.
https://www.mintmsg.com/ 출장안마

This unique looks utterly perfect.
https://www.gyeonggianma.com/ 출장안마

You definitely know a great deal of about the niche, youve covered a multitude of bases. Great stuff from this the main internet.
https://www.seoulam.com/ 출장안마

Thank you of this blog. That’s all I’m able to say.
https://www.loremmsg.com/ 출장안마

Welcome to the party of my life here you will learn everything about me.
https://www.signatureanma.com/ 출장안마

Nice information, valuable and excellent design, as share good stuff with good ideas and concepts, lots of great information and inspiration, both of which I need, thanks to offer such a helpful information here.
<div class="format-text"><a href="https://www.etudemsg.com" onclick="return !window.open(this.href)">출장안마</a><br />

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
<a href="http://www.gq1l604937hrqkw421ybz2hlp5mm1940s.org/">aofktofxv</a>
uofktofxv
ofktofxv http://www.gq1l604937hrqkw421ybz2hlp5mm1940s.org/

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
ukpjzjqqbme
kpjzjqqbme http://www.g4sts39e3f95xk64pb5267bz3nttb036s.org/
/> <a href="http://www.g4sts39e3f95xk64pb5267bz3nttb036s.org/">akpjzjqqbme</a>

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
hrcjnblh http://www.g58m4szjq09lf85568hd8r2wk9r0e42ls.org/
/> uhrcjnblh
<a href="http://www.g58m4szjq09lf85568hd8r2wk9r0e42ls.org/">ahrcjnblh</a>

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
yorplxtcov http://www.g0f06unuij0i569j3qg174q8dey9z515s.org/
/> <a href="http://www.g0f06unuij0i569j3qg174q8dey9z515s.org/">ayorplxtcov</a>
uyorplxtcov

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
bnhizegfc http://www.go6jta23d86g3snet63832419iqgp4j1s.org/
/> <a href="http://www.go6jta23d86g3snet63832419iqgp4j1s.org/">abnhizegfc</a>
[url= ubnhizegfc]http://www.go6jta23d86g3snet63832419iqgp4j1s.org/]ubnhizegfc

Array Networks / Knowledgebase / How to enable X-Forwarded-For option on ASF?
<a href="http://www.gp89424l4rnj2s96o1r9zg66lhql4s53s.org/">ankqiwbwxg</a>
nkqiw bwxg http://www.gp89424l4rnj2s96o1r9zg66lhql4s53s.org/
/> unkqiwbwxg

Add comment
Name:
Email:
Comment: * (Use BBcode - No HTML)

Other questions in this category

	How to enable HTTP to HTTPS redirection in ASF?
	What are the steps for password recovery of APV/AG/ASF Appliance?
	How to Decrypt Packet capture with Session keys?
	Array Signature Library (ASL) Update
	How to Mitigate the Log4j2 Vulnerabilities Using ASF
	How to create a mail alert for WAF attack events