X-Forwarded Headers for Logical Server in vSEC for AWS
I am interested to know if there is a way to enable vSEC to apply the X-Forwarded Headers to traffic destined for Logical Server objects and, subsequently, to ELB, so that the target servers could identify the origin IP of the client.
Otherwise, servers identify ELBs as origins for all sessions.
This is discussed in this SK: CloudGuard Auto Scaling for AWS:
The connections arriving at the Security Gateways have a source IP address belonging to the proxy ELB rather than the web client.
Because the ELB is acting as a TCP proxy and not as an HTTP proxy, no "X-Forwarded-For" HTTP header is present to identify and log the original client.
Instead, the ELB is set up by the CloudFormation Template to add a Proxy Protocol header.
This allows the Security Gateways to log the original client address.
My guess is if you set up the ELB correctly, it should add the appropriate header (thus we can use it).
What I am reading in the section you are quoting is that there is a way to set it up, but it is alluding to a CloudFormation template.
Is there a breakdown of the configuration used by said template that will allow us to replicate same in the ELBs or a template for the ELB on its own with the proxy protocol header function added?
When in doubt, read the CloudFormation Script, which is just JSON.
Guessing this is the relevant bit:
XFF support is currently in the pipeline - my best guess is that it will probably be added in a future R80.30 JHF or possibly in R80.40.
Not sure exactly when, but it's coming.