wsa reading the x-forwarded-for field

mulhollandm
Level 1

folks

i'm hoping you can help me with a query

i have a load balancer in front of my wsas and i have a requirement for the wsa to read the original source ip of a client but i can't put the load balancer inline

so i've opted to have the load balancer pass the original ip in the http header using the x-forwarded-for field but my logs still show the load balancer's ip

i've checked a packet capture taken on the wsa and the original ip is in the http header

what do i need to do to have the wsa read the value in the x-forwarded-for field

thanks to anyone taking the time to read this

4 Replies

mulhollandm
Level 1

folks

for info

i found how to do this

under SYSTEM ADMINISTRATION | LOG SUBSCRIPTIONS | ACCESS LOGS by adding the %f value in the custom field

i still have issues as i think policy is applied to the load balancer address and not that in the x-forwarded-for field

also, the load balancer's ip also still seems to be in the logs

i'll work on it and update this when i get a result

thanks

folks

upgraded to the latest os and there's an option under SECURITY SERVICES | WEB PROXY to read the x-forwarded field and to define the proxy ip

i've configured this and i'm seeing the ip of the client ok now but i'm still seeing the proxy ip as well

any views? 

Hi there,

The WSA does not support this.  It will not get the source IP from the X-Forwarded-For header.

Load balancer deployments typically just manipulate the MAC address (not IP) and deliver it via Layer 2.

-Vance

vance

many thanks for your reply

due to my topology my load balancer delivers traffic via layer 3

i can now see the client ip in my logs but i also see the load balancer's as well - looks like i may just have to live with this

don't suppose you've had a chance to consider my other post on ldap debugging

thanks again
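
The thread mentions a setting that reads the x-forwarded-for header together with a defined proxy ip. The sketch below is an added example, not part of the original posts and not Cisco's code: it shows the general pattern of honouring the header only when the connection comes from a defined proxy, since the header can otherwise be set by any client. The function names and all addresses (10.0.0.5 standing in for the load balancer) are constructed for illustration.

```python
import ipaddress

# Constructed value: 10.0.0.5 stands in for the load balancer's address.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def _is_trusted(ip, trusted):
    """True if ip falls inside any of the defined proxy networks."""
    return any(ip in net for net in trusted)


def effective_client_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Return (client_ip, proxies_seen) for one request.

    peer_ip    -- source address of the TCP connection (what a log shows by default)
    xff_header -- raw X-Forwarded-For value, or "" if the header is absent
    """
    peer = ipaddress.ip_address(peer_ip)

    # The header is only believed when the connection itself comes from a
    # defined proxy; otherwise any client could claim an arbitrary address.
    if not xff_header or not _is_trusted(peer, trusted):
        return str(peer), []

    chain = [peer]
    # Each proxy appends the address it received the request from, so the
    # right-most entry is the most trustworthy. Walk right to left.
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            break  # malformed entry: believe nothing further to the left
        if _is_trusted(hop, trusted):
            chain.append(hop)  # another defined proxy, keep walking
            continue
        # First address that is not a defined proxy is the client.
        return str(hop), [str(p) for p in chain]

    # Nothing usable in the header: fall back to the last verified hop.
    return str(chain[-1]), [str(p) for p in chain[:-1]]
```

The second return value is the list of defined proxies the request passed through, which is why a log record built this way can carry both the client address and the load balancer's address.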