Question
- Does Silverline append more IP address in the X-Forwarded-For?
Environment
- Silverline WAF
-
Proxy/Proxies
-
Insert XFF
-
Answer
- Yes, by having X-Forwarded-For enabled, Silverline appends the last Client IP from the request.
- Example:
“X-Forwarded-For: 192.168.1.100, 192.168.1.200”
- Example:
- If your web application is coded to simply grab the first or leftmost IP address in the list, this can lead to a spoofing attack, to only have one IP address we can implement an iRule to rewrite Client IP with the Last Client IP: Q&A: Is it Possible to Configure/Forward Only the Last Client IP in the X-Forwarded-For (XFF) Header?
Related Content
- Q&A: Is it Possible to Configure/Forward Only the Last Client IP in the X-Forwarded-For (XFF) Header?
- How to Configure Advanced (Proxy) - where to configure X-forwarded for