ProxySG & Advanced Secure Gateway

 View Only

  • 1.  Disable HTTP X-Forwarded-For header on ProxySG for one URL

    Posted Jun 25, 2020 04:33 PM
    Edited by Sulman Mushtaq Mushtaq Hussain Apr 25, 2021 10:06 AM
    Is it possible to disable this either for a particular source or for a destination URL or we have to disable the HTTP X-Forwarded-For header globally for all users

    ------------------------------
    Symantec Enthusiast
    ------------------------------


  • 2.  RE: Disable HTTP X-Forwarded-For header on ProxySG for one URL

    Broadcom Employee
    Posted Jun 26, 2020 10:34 AM
    Edited by Zan Phillips Jul 30, 2020 05:22 PM
    Hello Sym, 

    To answer your question: Yest it is possible and very simple.
    You will need to created a new Web Access Layer in the VPM and by following the steps provided under the Resolution section of this KB https://knowledge.broadcom.com/external/article/168647/enable-the-xforwardedfor-header-in-the-v.htmlwith the exception of step #5 we want it to be set to Suppress.
    Should look exactly like this 

    This Action will Suppress the XFF header , and then you can specify a source IP or destination URL etc in this policy.

    I hope this helps.
    Have a wonderful day.
    Slava V

    Original Message


  • 3.  RE: Disable HTTP X-Forwarded-For header on ProxySG for one URL

    Posted Jun 27, 2020 04:56 PM
    Thanks Slave for the help. Appreciate it.

    ------------------------------
    Symantec Enthusiast
    ------------------------------

    Original Message


  • 4.  RE: Disable HTTP X-Forwarded-For header on ProxySG for one URL

    Posted Jun 29, 2020 05:48 AM
    Hi Slava, actually I tried this but its still not working, I can still see the client IP. Is there anything else I need to do to get it work?

    ------------------------------
    Symantec Enthusiast
    ------------------------------

    Original Message


  • 5.  RE: Disable HTTP X-Forwarded-For header on ProxySG for one URL

    Broadcom Employee
    Posted Jun 29, 2020 11:14 AM
    Hello SymSpec, 

    The feature has been tested and working, perhaps there is no matching the policy configured to Suppress the XFF.
    Verify and confirm that there is a match in the Policy!
    If there is a match and the XFF is still not removed for the desired destination URL or Public IP or based on source client IP  then please log a technical case via the Broadcom Customer Portal.

    Slava V
    Original Message


  • 6.  RE: Disable HTTP X-Forwarded-For header on ProxySG for one URL

    Posted Jun 29, 2020 11:32 AM
    Hi Slava, thanks for the reply. Basically I have created a 2 rules in the same WAL, the first URL is accessing this specific URL to any source, the second rule below this rule is suppressing the X Forwarded-For header as described in the KB and screenshot by you. Isn't this right?

    Secondly, can I take a packet capture on Proxy which will basically show that proxysg is suppressing the header for this destination in the transaction, if yes then which field will show this in wire-shark that I need to see. Thanks

    ------------------------------
    Symantec Enthusiast
    ------------------------------

    Original Message


  • 7.  RE: Disable HTTP X-Forwarded-For header on ProxySG for one URL

    Broadcom Employee
    Posted Jun 29, 2020 12:08 PM
    Hello SymSpec,

    1. Did you Create a new Web Access Layer ? if no , you have to to ensure a match.
    2. Do you see a match in the Policy Trace for the policy you created to suppress the XFF?, if no the adjust it.

    Once you have the above covered and the answer is Yes for both, then in the pcap for the session between proxy and the OCS( URL you are trying to suppress the XFF) the request should not contain the XFF header.
    I would test this policy with an HTTP web site like example.com to ensure you have a match, cause if you are applying this policy for an HTTPS site you wont see the results in the pcap as those will be encrypted.

    Slava V
    Original Message


  • 8.  RE: Disable HTTP X-Forwarded-For header on ProxySG for one URL

    Posted Jun 29, 2020 02:05 PM
    Hi Slava, thanks for the reply.

    I havent created a new WAL for this, instead I have added these two rules in the same WAL which I have for my users. Does these two rules must be in a separate WAL?

    I have enabled SSL interception for all destinations, so proxysg will decrypt all the traffic. Still I won't see the result in the pcap?

    Thanks. 


    ------------------------------
    Symantec Enthusiast
    ------------------------------

    Original Message


  • 9.  RE: Disable HTTP X-Forwarded-For header on ProxySG for one URL
    Best Answer

    Broadcom Employee
    Posted Jun 29, 2020 02:58 PM
    Edited by Zan Phillips Jul 30, 2020 05:22 PM
    Hello SymSpec, 

    1. Did you Create a new Web Access Layer ? if no , you have to, to ensure a match.
    2. Do you see a match in the Policy Trace for the policy you created to suppress the XFF?, if no then adjust the policy.

    Once you have the above covered and the answer is Yes for both, then in the pcap for the session between proxy and the OCS( URL you are trying to suppress the XFF) the request should not contain the XFF header.
    I would test this policy with an HTTP web site like example.com to ensure you have a match, cause if you are applying this policy for an HTTPS site you wont see the results in the pcap as those will be encrypted.

    Slava V
    Original Message