The "X-Forward-For" (XFF) header is not stripped from web traffic when Security Gateway is configured as HTTP/HTTPS Proxy in Non Transparent mode
Symptoms
  • The "X-Forward-For" (XFF) header is not stripped from web traffic by the Security Gateway (the internal client IP address is revealed to the Internet) in the following scenario:

    • Example topology:
      Client -> Squid Proxy (using CP GW as next proxy) -> CP GW (configured as Non Transparent Proxy) -> Internet
    • Security Gateway is configured as HTTP/HTTPS Proxy in Non Transparent mode:
      Security Gateway object - HTTP/HTTPS Proxy pane - Advanced
    • "X-Forward-For header (original client source IP address)" box is checked in:
      Security Gateway object - HTTP/HTTPS Proxy pane - Advanced
    • Identity Awareness blade is enabled
  • Disabling HTTP/HTTPS Proxy on Security Gateway resolves the issue (the XFF header is stripped correctly).
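
One way to confirm the symptom on the Internet side of the gateway, as an added example that is not part of the original article or of Check Point's tooling: the script parses a raw HTTP request as captured after the gateway and returns any internal addresses still present in the header, which on the wire uses the standard name X-Forwarded-For. The function name, the list of internal ranges and the sample request are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 IPv4 space plus IPv6 unique-local space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def leaked_internal_ips(raw_request: bytes) -> list[str]:
    """Return internal addresses found in X-Forwarded-For headers of a raw request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    leaked = []
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "x-forwarded-for":
            continue
        # A request may carry several XFF headers, each a comma-separated chain.
        for token in value.split(","):
            token = token.strip().strip('"')
            if token.startswith("["):              # form: [IPv6]:port
                token = token[1:].split("]", 1)[0]
            elif token.count(":") == 1:            # form: IPv4:port
                token = token.split(":", 1)[0]
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue                           # "unknown" or other non-IP values
            if any(ip in net for net in INTERNAL_NETS):
                leaked.append(str(ip))
    return leaked

# Constructed sample: a request as seen upstream of the gateway, XFF not stripped.
SAMPLE = (b"GET / HTTP/1.1\r\n"
          b"Host: example.com\r\n"
          b"X-Forwarded-For: 10.1.2.3, 203.0.113.7\r\n"
          b"X-Forwarded-For: unknown, [fd00::5]:8080\r\n"
          b"\r\n")

if __name__ == "__main__":
    for addr in leaked_internal_ips(SAMPLE):
        print("internal address exposed in XFF:", addr)
```

An empty result for requests captured on the external interface indicates the header is being stripped or carries no internal addresses.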

Solution