Q&A: Does Silverline append additional IP addresses in the X-Forwarded-For?

Question

Does Silverline append more IP address in the X-Forwarded-For?

Environment

Silverline WAF
Proxy/Proxies
- Insert XFF

Answer

Yes, by having X-Forwarded-For enabled, Silverline appends the last Client IP from the request.
- Example: “X-Forwarded-For: 192.168.1.100, 192.168.1.200”

Screen_Shot_2021-01-21_at_8.52.21_PM.png

If your web application is coded to simply grab the first or leftmost IP address in the list, this can lead to a spoofing attack, to only have one IP address we can implement an iRule to rewrite Client IP with the Last Client IP: Q&A: Is it Possible to Configure/Forward Only the Last Client IP in the X-Forwarded-For (XFF) Header?

Related Content

Q&A: Is it Possible to Configure/Forward Only the Last Client IP in the X-Forwarded-For (XFF) Header?
How to Configure Advanced (Proxy) - where to configure X-forwarded for

Have more questions? Submit a request