05-31-2018 01:46 PM - edited 03-08-2019 07:45 PM
Our customer is asking whether it is possible to configure the WSA with XFF (X-Forwarded-For) and XAU (X-Authenticated-User) headers. I think they need to receive that user information on a CASB Service.
I read that it seems to be possible to configure XFF through the CLI: >advanceproxyconfig and >miscellaneous (right? Only enable it?).
What about the other header? Does anyone know if it's possible?
Thanks!!
07-08-2018 05:38 PM
Hi,
For XFF header, WSA can be configured to read XFF header from downstream or load balancer and to send out XFF header to upstream.
You can configure this from GUI as well under Security Services -> Web Proxy -> Generate Headers -> X-Forwarded-For set to send (this is to send out XFF header to upstream).
If it's to read the XFF header from downstream or a load balancer: Security Services -> Web Proxy -> Use Received Headers -> enable Identification of Client IP Addresses using X-Forwarded-For -> enter your downstream or load balancer IP address.
For the X-Authenticated-User header, the WSA only uses this header for DLP processing and logging. However, it does not support sending it out to upstream traffic in the TCP header.
Hope this helps
Regards
Handy Putra
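The reason the "Use Received Headers" setting asks for the downstream or load balancer IP address, shown as an added example that is not part of the original reply and not WSA code: a proxy should honour X-Forwarded-For only when the connection comes from a listed downstream device, otherwise any client could claim another address for policy and logging. The names `TRUSTED_DOWNSTREAM` and `client_ip` and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: the one downstream device allowed to supply XFF
# (hypothetical name and address, standing in for the IP entered in the GUI).
TRUSTED_DOWNSTREAM = [ipaddress.ip_network("10.0.0.5/32")]


def is_trusted(addr):
    """True if addr belongs to a configured downstream proxy or load balancer."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_DOWNSTREAM)


def client_ip(peer_addr, xff_header):
    """Return the address to use for identification, policy and logging.

    peer_addr  -- source IP of the TCP connection that reached the proxy
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    # XFF from an unlisted peer is attacker-controlled input: ignore it.
    if not xff_header or not is_trusted(peer_addr):
        return peer_addr

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    if not hops:
        return peer_addr

    # Walk right to left: the rightmost entries were appended by devices we
    # trust, while the leftmost ones may have been sent by the client itself.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed entry: fall back to the TCP peer
        if not is_trusted(hop):
            return hop
    return hops[0]  # every hop is a trusted device; use the earliest one


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For header)
    for peer, xff in [("10.0.0.5", "192.0.2.10"),
                      ("198.51.100.7", "192.0.2.10"),
                      ("10.0.0.5", "203.0.113.9, 192.0.2.10")]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

In the third sample the leftmost entry is ignored because it arrived inside the header the client could have written; only the value appended by the trusted device is used.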
02-06-2020 12:27 AM
Hi Handy Putra,
Is the WSA able to receive "X-Authenticated-User" from the "downstream proxy"?