Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Gold

X-Forwarded-For header

Let me preface this by saying I don't have access to the content switch, I'm a security guy. We use a 11506 Content switch to provide load balanced access to our outbound netcache HTTP proxy infrastructure. In the current environment, the switch seems to be working primarily at layer 4(NAT). The problem is that we'd like the netcache proxy logs to contain the original client ip address. In a typical proxy hierarchy, I believe the X-Forwarded-For http header is utilized for this purpose. Does the cisco content switch support this functionaly (via X-Forwarded-For or some other method)? Any links to documentation that describes how to set this up are appreciated.

1 REPLY
Cisco Employee

Re: X-Forwarded-For header

The CSS does not have the possibility to modify the http header to include the client ip or any other info.

The CSS does not require client nat.

So, if you need to know the client ip, you can change your config to have the CSS spook the client ip instead of nating. This may require some adjustments to the design, but this is ALWAYS possible to not do client nat.

Gilles.

488
Views
0
Helpful
1
Replies