HTTPS Inspection and 'X-Forward-For' (XFF) HTTP header when inspecting proxy traffic

SUPPORT CENTER
USER CENTER / PARTNER MAP
CYBER TALK FOR EXECUTIVES
THREAT INTELLIGENCE
UNDER ATTACK?
- We can help. Learn more about ThreatCloud Incident Response
RISK ASSESSMENT
MY ACCOUNT
- Phone
  
  General
  United States 1-800-429-4391
  International +972-3-753-4555
  
  Support
  24x7 Technical Support
  Americas: 1-972-444-6600
  International: +972-3-6115100
  Toll Free: 1-888-361-5030
- Locations
  
  United States
  Check Point Software Technologies Inc.
  959 Skyway Road
  Suite 300
  San Carlos, CA 94070
  MAP
  
  International
  Check Point Software Technologies Ltd.
  5 Ha'Solelim Street
  Tel Aviv 67897, Israel
  MAP
- Community
  CheckMates User Community
  Blog
- Chinese
- Japanese
- Russian

Support Center > Search Results > SecureKnowledge Details

Solution ID	sk92839
Product	HTTPS Inspection
Version	R75.40, R75.40VS, R75.45, R75.46, R75.47, R76, R77, R77.10, R77.20, R77.30, R80.10, R80.20
OS	Gaia, SecurePlatform 2.6, Crossbeam XOS, IPSO 6.2
Platform / Model	All
Date Created	2013-05-19 00:00:00.0
Last Modified	2019-01-23 01:39:33.0

Symptoms

Application Control and URL Filtering Blades cannot use the 'X-Forward-For header' Proxy configuration option when working on HTTPS traffic via HTTPS Inspection (SmartDashboard - Check Point Security Gateway object - 'Identity Awareness' pane - section 'Proxy Support for Application Control and URL Filtering Blades').

Cause

Since the traffic from the Client is encrypted, it is impossible for the Proxy to modify it and add X-Forward-For header.

Solution

Note: To view this solution you need to Sign In .

THREAT INTELLIGENCE