Some websites return an error when X-Forwarded-For header is present in request.

Solution

Overview

There are websites that return errors indicating that requests cannot be processed when accessing via a proxy that is configured to append an X-Forwarded-For header to outbound HTTP requests.

Some companies have a requirement to identify the originating client IP address for requests that are sent outbound from their proxy. So as a solution, the proxy is configured to append an HTTP X-Forwarded-For header which provides the originating client IP address as the value so that upstream monitoring tools will be able to track this information (see 000010319 for more information). However, some web servers will return an error when receiving a request with an X-Forwarded-For header. One example website is www.tracktracer.com which will return an error when logging into the site with these HTTP headers present in the request.

 

Cause
Resolution

When the described issue has been identified to be the cause of a problem accessing a website, it can be addressed by setting policy to suppress the X-Forwarded-For header when accessing the specific website through the proxy.

You can do this by creating a rule within the VPM of the ProxySG on a web access layer with a "Control Request Header" action. In that action the settings would appear as shown in the image below:

 

In the destination field of that rule, you will want to use a Request URL object or a Request URL Category object which lists the website(s) or destination IP addresses in question. Your rule would appear as shown below:

In CPL format, the policy rule would appear as shown below if you were to use it alone in a layer:

<Proxy> 

condition= X-Forwarded-For_Suppressed_URLs  action. Suppress_X-Forwarded_For(yes)

define condition X-Forwarded-For_Suppressed_URLs ; Sites that have problem with 'X-Forwarded-For' header
;--replace this line with a website you're having the issue with (example in red below)--;
url.domain=tracktracer.com
end

define action Suppress_X-Forwarded_For
delete(request.header.X-Forwarded-For)
end action Suppress_X-Forwarded_For

 

*See the following KB article for instructions on installing CPL in your local policy file 000010101

Workaround
Additional Information
Bug Number
InQuira Doc IdKB5036
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat