The XFF is added by default with MWG7.
How are you looking to see it exists?
I was using tcpdump (dumped the complete conversation) and there is NO x-forwarded-for header to see. It is removed by the webgateway 7.
No, even when I am using a global whitelist and stop the cycle right at the beginning, the x-forwarded-for header is not part of the http header. There is no rule that removes it. Is it possible to search in the policy for any rule containing the word x-forwarded-for?
There isn't a search mechanism to search for the use of an event, but it is easy enough to click show details and look at the rule events.
If you open an SR please let me know the #.
We are encountering the same problem here:
o xff is added correctly (even in chaining) when using http
o xff is NOT added when using https (with ssl-scanning enabled)
o we use NO rule removing this header for ssl
Any help would be great
OK - waiting on the hotline I found the reason myself:
In the appliance-configuration under proxies/advanced i found the setting "HTTPS: Remove all HopByHopHeaders" - I had not expected such a setting here (expected a RULE removing the headers - but there was no such thing).
Interesting there is only a checkbox for HTTPS not for HTTP - so sending internal IPs to the WWW by HTTP is no security-problem, eh?
=> Disabled setting and added rule removing the headers (depending on destination ip)
The only difficulty now is to find the proper place for the rule as it has to be placed AFTER enabling of SSL-scanning and BEFORE any non-blocking stop-ruleset-rule.... (correct?)
I don't think you need to find a specific place for the rule that controls the header behaviour. Important is that - at the end of the request cycle - the header is removed, otherwise it will be forwarded. If you block the request it will not leave the proxy, so it shouldn't matter.
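The destination-dependent behaviour described in the thread (keep X-Forwarded-For when forwarding to an internal next hop, remove it before the request leaves for the internet), as an added Python example that is not part of the thread and is not Web Gateway rule syntax. The function names, the sample request and the addresses are constructed for illustration; the same parser can be pointed at a request head taken from a tcpdump capture to check what actually leaves the proxy.

```python
import ipaddress

def parse_request(raw):
    """Split a captured request head into (request_line, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers

def internal_xff_entries(headers):
    """Return the X-Forwarded-For entries that are private/internal addresses."""
    found = []
    for name, value in headers:
        if name.lower() != "x-forwarded-for":
            continue
        for item in value.split(","):
            try:
                ip = ipaddress.ip_address(item.strip())
            except ValueError:
                continue  # not an IP literal (malformed or obfuscated entry)
            if ip.is_private:
                found.append(str(ip))
    return found

def apply_egress_rule(headers, dest_ip):
    """Keep XFF for internal destinations (proxy chaining), drop it otherwise."""
    if ipaddress.ip_address(dest_ip).is_private:
        return list(headers)
    return [(n, v) for n, v in headers if n.lower() != "x-forwarded-for"]

# Constructed sample request head, as it might appear in a packet capture.
SAMPLE = ("GET /index.html HTTP/1.1\r\n"
          "Host: www.example.com\r\n"
          "X-Forwarded-For: 10.1.2.3, 192.168.7.20\r\n"
          "User-Agent: test\r\n\r\n")

if __name__ == "__main__":
    _, hdrs = parse_request(SAMPLE)
    print("internal addresses in XFF:", internal_xff_entries(hdrs))
    print("to internal next hop 10.0.0.5:", apply_egress_rule(hdrs, "10.0.0.5"))
    print("to public address 8.8.8.8:", apply_egress_rule(hdrs, "8.8.8.8"))
```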