Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
634
Views
0
Helpful
1
Replies

Does the Cisco ASA version 9.2 with IPS handle detecting X-Forwarded-For IP addresses?

Whit Richardson
Level 1
Level 1

‎12-18-2014 10:52 AM - edited ‎03-10-2019 06:18 AM

We have two Cisco ASA 5545's fronting our Internet traffic a lot of it comes from Akamai. Because we use a CDN if an attacker uses them to start an attack the ASA is seeing an IP from Akamai that is allowed.  Can the IPS or IDS read the X-Forwarded-For field to catch this potential problem?  

 

Labels:
0 Helpful
1 Reply 1

androdri
Level 1
Level 1

‎12-19-2014 11:50 AM

Hello Whit

The Legacy Cisco IPS does not break out the X-Forwarded-For field,  but you may be able to use the service-http engine header-regex to detect  the string X-Forward-For field and corresponding malicious content in that field.

If you require any further assistance Cisco TAC can assist you or direct you to the correct parties.

 

 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card