HTTPS Inspection and 'X-Forward-For' (XFF) HTTP header when inspecting proxy traffic

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk92839
Technical Level
Product	HTTPS Inspection
Version	R75.40 (EOL), R75.40VS (EOL), R75.45 (EOL), R75.46 (EOL), R75.47 (EOL), R76 (EOL), R77 (EOL), R77.10 (EOL), R77.20 (EOL), R77.30 (EOL), R80.10, R80.20
OS	Gaia, SecurePlatform 2.6, Crossbeam XOS, IPSO 6.2
Platform / Model	All
Date Created	19-May-2013
Last Modified	23-Aug-2021

Symptoms

Application Control and URL Filtering Blades cannot use the 'X-Forward-For header' Proxy configuration option when working on HTTPS traffic via HTTPS Inspection (SmartDashboard - Check Point Security Gateway object - 'Identity Awareness' pane - section 'Proxy Support for Application Control and URL Filtering Blades').

Cause

Since the traffic from the Client is encrypted, it is impossible for the Proxy to modify it and add X-Forward-For header.

Solution

Note: To view this solution you need to Sign In .