https://community.checkpoint.com/t5/Firewall-and-Security-Management/performance-impact-of-adding-XFF-header/m-p/208683#M39508 <P>At minimum you need to activate APCL/URLF and HTTPS Inspection as all HTTP Headers are encrypted.<BR />Not sure what the performance impact is above and beyond that.</P> Wed, 13 Mar 2024 15:22:53 GMT PhoneBoy 2024-03-13T15:22:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/performance-impact-of-adding-XFF-header/m-p/208312#M39441 <P>Following&nbsp;<A href="https://support.checkpoint.com/results/sk/sk167578" target="_blank">XFF Header injection over source NATed HTTP/S connections (checkpoint.com)</A>&nbsp;we can add XFF-header to every http request.</P> <P>Any experience out there which performance impact has this feature ? I've a feeling that changing every http/https-request needs a lot.</P> <P>I think to add the XFF-header to a HTTPS-request full HTTPS inspection is needed. From the requirements in sk167578 "<SPAN>For HTTPS traffic: Enable HTTPS inspection on the relevant connections.</SPAN><SPAN>"&nbsp;</SPAN></P> <P><SPAN>But I'm not sure if the XFF-header is part of the whole encrypted HTTP-request-header or maybe readable unencrypted ?</SPAN></P> Mon, 11 Mar 2024 12:42:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/performance-impact-of-adding-XFF-header/m-p/208312#M39441 Wolfgang 2024-03-11T12:42:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/performance-impact-of-adding-XFF-header/m-p/208683#M39508 <P>At minimum you need to activate APCL/URLF and HTTPS Inspection as all HTTP Headers are encrypted.<BR />Not sure what the performance impact is above and beyond that.</P> Wed, 13 Mar 2024 15:22:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/performance-impact-of-adding-XFF-header/m-p/208683#M39508 PhoneBoy 2024-03-13T15:22:53Z