Solutions

Some websites return an error when X-Forwarded-For header is present in request.

Solutions ID:    KB5036
Version:    8.0
Status:    Published
Published date:    03/30/2012
Updated:    01/08/2014
 

Problem Description

There are websites that return errors indicating that requests cannot be processed when accessing via a proxy that is configured to append an X-Forwarded-For header to outbound HTTP requests.

Some companies have a requirement to identify the originating client IP address for requests that are sent outbound from their proxy. So as a solution, the proxy is configured to append an HTTP X-Forwarded-For header which provides the originating client IP address as the value so that upstream monitoring tools will be able to track this information (see KB2996 for more information). However, some web servers will return an error when receiving a request with an X-Forwarded-For header. One example website is www.tracktracer.com which will return an error when logging into the site with these HTTP headers present in the request.

 

Resolution

When the described issue has been identified to be the cause of a problem accessing a website, it can be addressed by setting policy to suppress the X-Forwarded-For header when accessing the specific website through the proxy.

You can do this by creating a rule within the VPM of the ProxySG on a web access layer with a "Control Request Header" action. In that action the settings would appear as shown in the image below:

 

In the destination field of that rule, you will want to use a Request URL object or a Request URL Category object which lists the website(s) or destination IP addresses in question. Your rule would appear as shown below:

In CPL format, the policy rule would appear as shown below if you were to use it alone in a layer:

<Proxy> 

condition= X-Forwarded-For_Suppressed_URLs  action. Suppress_X-Forwarded_For(yes)

define condition X-Forwarded-For_Suppressed_URLs ; Sites that have problem with 'X-Forwarded-For' header
;--replace this line with a website you're having the issue with (example in red below)--;
url.domain=tracktracer.com
end

define action Suppress_X-Forwarded_For
delete(request.header.X-Forwarded-For)
end action Suppress_X-Forwarded_For

 

*See the following KB article for instructions on installing CPL in your local policy file KB3495


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question