dbottino
Level 9

Remove X-Forwarded-For


Hi All,

Is it possible that "Remove X-Forwarded-For" could block access to a webpage (internet banking, for example)?

In other words, could the "X-Forwarded-For" header be necessary for some websites?

Thanks in advance

Regards

Daniele

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Remove X-Forwarded-For


If you have a server that needs to apply policy on the original client IP, then you should leave the header in.

However, in general web servers don't rely on XFF, so it is fairly safe to strip it.

If you have a special server that needs it, you can create a rule specifically for that server to keep the header, but as said, in general it is not needed, and you should even remove it, as it will display internal IPs to the outside world and thus you have a leakage issue.

Thanks,

Michael

0 Kudos
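
The policy described in the accepted answer (strip X-Forwarded-For by default, keep it only for a specific server that needs the client IP), sketched as an added Python example; it is not from the thread and is not McAfee Web Gateway rule syntax. The host name in `KEEP_XFF_HOSTS` and the sample headers are constructed for illustration.

```python
import ipaddress

# Assumption: destinations that apply policy on the original client IP.
# Hypothetical host name, not from the thread.
KEEP_XFF_HOSTS = {"partner-app.example.com"}


def internal_addresses(xff_value):
    """Return the XFF entries that are private, loopback or link-local IPs."""
    leaked = []
    for token in xff_value.split(","):
        token = token.strip()
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue  # "unknown", obfuscated identifiers, empty entries
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            leaked.append(str(ip))
    return leaked


def egress_headers(dest_host, headers, keep_hosts=KEEP_XFF_HOSTS):
    """Return (headers_to_send, report) for a request leaving the proxy."""
    # Header names are case-insensitive, so match on the lowered name.
    xff = [v for k, v in headers.items() if k.lower() == "x-forwarded-for"]
    report = {"action": "none", "internal": internal_addresses(",".join(xff))}
    if not xff:
        return dict(headers), report
    if dest_host.lower().rstrip(".") in keep_hosts:
        report["action"] = "kept"  # exception rule for this one server
        return dict(headers), report
    report["action"] = "stripped"  # default: nothing internal leaves
    kept = {k: v for k, v in headers.items() if k.lower() != "x-forwarded-for"}
    return kept, report


if __name__ == "__main__":
    # Constructed sample request as it would leave the proxy.
    sample = {"Host": "bank.example.org", "Accept": "*/*",
              "x-forwarded-for": "10.20.30.40, 192.168.1.7"}
    for host in ("bank.example.org", "partner-app.example.com"):
        sent, info = egress_headers(host, sample)
        print(host, info, sorted(sent))
```

The `internal` list in the report shows which addresses would have been disclosed to the destination, which is useful to log even for the hosts where the header is deliberately kept.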
4 Replies
yuems
Level 11

Re: Remove X-Forwarded-For


Hi,

I know that removing "Content-Encoding" could block access to a webpage, but removing XFF has never been a problem for me. Did you try to connect to the webpage without removing XFF?

0 Kudos
dbottino
Level 9

Re: Remove X-Forwarded-For

Thank you all!

Your suggestions were very helpful!

Daniele

0 Kudos
jcesare
Level 7

Re: Remove X-Forwarded-For


dbottino wrote:

Hi All,

Is it possible that "Remove X-Forwarded-For" could block access to a webpage (internet banking, for example)?

In other words, could the "X-Forwarded-For" header be necessary for some websites?

Thanks in advance

Regards

Daniele


 

Hello,

We are seeing this be an issue for sites hosted on Akamai.  Has anyone else seen this?

Thanks,

Joey

0 Kudos