https://community.checkpoint.com/t5/Firewall-and-Security-Management/operation-of-the-XFF-Proxy-function/m-p/229806#M44231 <P>Hi guys.<BR />We have a customer who is using the firewall as a non-transparent proxy and he shared with us some questions about the operation of XFF about which we did not find too much information published.<BR />The first question is regarding the handling of XFF.<BR />It is how to disable the output of the XFF header so that the proxy does not send the client's original IP to the destination server.<BR />Can rules be configured in the firewall to identify the user or computer by the XFF content?<BR />Can proxy Path be implemented in DNS so that DNS resolves to the proxy IP instead of an end server IP, redirecting traffic through that proxy for proper handling?</P> Tue, 15 Oct 2024 19:30:44 GMT Agust 2024-10-15T19:30:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/operation-of-the-XFF-Proxy-function/m-p/229806#M44231 <P>Hi guys.<BR />We have a customer who is using the firewall as a non-transparent proxy and he shared with us some questions about the operation of XFF about which we did not find too much information published.<BR />The first question is regarding the handling of XFF.<BR />It is how to disable the output of the XFF header so that the proxy does not send the client's original IP to the destination server.<BR />Can rules be configured in the firewall to identify the user or computer by the XFF content?<BR />Can proxy Path be implemented in DNS so that DNS resolves to the proxy IP instead of an end server IP, redirecting traffic through that proxy for proper handling?</P> Tue, 15 Oct 2024 19:30:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/operation-of-the-XFF-Proxy-function/m-p/229806#M44231 Agust 2024-10-15T19:30:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/operation-of-the-XFF-Proxy-function/m-p/229812#M44232 <P>You can disable XFF by one of the two methods here:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk100223" target="_blank">https://support.checkpoint.com/results/sk/sk100223</A>&nbsp;<BR />You can perform inspection based on XFF as described here:&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_IdentityAwareness_AdminGuide/Content/Topics-IDAG/Configuring-Identity-Awareness-Identifying-Users-behind-HTTP-Proxy-Server.htm" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_IdentityAwareness_AdminGuide/Content/Topics-IDAG/Configuring-Identity-Awareness-Identifying-Users-behind-HTTP-Proxy-Server.htm</A></P> <P>I'm not familiar with implementing a proxy path in DNS.<BR />You can forward all requests to a different proxy server by following:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk101395" target="_blank">https://support.checkpoint.com/results/sk/sk101395</A></P> <P>Please note the known performance impact of operating in explicit proxy mode:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk92482" target="_blank">https://support.checkpoint.com/results/sk/sk92482</A>&nbsp;</P> Tue, 15 Oct 2024 20:03:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/operation-of-the-XFF-Proxy-function/m-p/229812#M44232 PhoneBoy 2024-10-15T20:03:43Z