Hi Slava, thanks for the reply. Basically I have created a 2 rules in the same WAL, the first URL is accessing this specific URL to any source, the second rule below this rule is suppressing the X Forwarded-For header as described in the KB and screenshot by you. Isn't this right?
Secondly, can I take a packet capture on Proxy which will basically show that proxysg is suppressing the header for this destination in the transaction, if yes then which field will show this in wire-shark that I need to see. Thanks
------------------------------
Symantec Enthusiast
------------------------------
Original Message:
Sent: 06-29-2020 11:14 AM
From: Slava Vasilasco
Subject: Disable HTTP X-Forwarded-For header on ProxySG for one URL
Hello SymSpec,
The feature has been tested and working, perhaps there is no matching the policy configured to Suppress the XFF.
Verify and confirm that there is a match in the Policy!
If there is a match and the XFF is still not removed for the desired destination URL or Public IP or based on source client IP then please log a technical case via the Broadcom Customer Portal.
Slava V
Original Message:
Sent: 06-29-2020 05:48 AM
From: sulman mushaq
Subject: Disable HTTP X-Forwarded-For header on ProxySG for one URL
Hi Slava, actually I tried this but its still not working, I can still see the client IP. Is there anything else I need to do to get it work?
------------------------------
Symantec Enthusiast
Original Message:
Sent: 06-26-2020 10:34 AM
From: Slava Vasilasco
Subject: Disable HTTP X-Forwarded-For header on ProxySG for one URL
Hello Sym,
To answer your question: Yest it is possible and very simple.
You will need to created a new Web Access Layer in the VPM and by following the steps provided under the Resolution section of this KB https://knowledge.broadcom.com/external/article/168647/enable-the-xforwardedfor-header-in-the-v.html, with the exception of step #5 we want it to be set to Suppress.
Should look exactly like this
Original Message:
Sent: 06-25-2020 04:32 PM
From: sulman mushaq
Subject: Disable HTTP X-Forwarded-For header on ProxySG for one URL
We have enabled the HTTP X-Forwarded-For header on ProxySG for all users and destinations, however we have a requirement where we want HTTP X-Forwarded-For header to be disabled for one particular source computer or for a destination URL. Is it possible to disable this either for a particular source or for a destination URL or we have to disable the HTTP X-Forwarded-For header globally for all users
------------------------------
Symantec Enthusiast
------------------------------