- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
In case someone else was using SK How to enable stripping of X-Forward-For (XFF) field
I know that it worked perfectly OK in R70.30 and we never bothered checking it after upgrades to R80.10, just assumed it worked. Today just by pure chance I stumbled across the fact that our internal IPs are being sent out in XFF header that were supposed to be stripped out.
One thing that I noticed with R80.10 is that kernel parameter ws_remove_proxy_connection_header doesn't seem to work anymore
Anyone else could verify this?
SR submitted
Since the SK says it's relevant for R80.10, it's probably worth a TAC case to investigate.
The sk speaks about two procedures (depending on the IA blade) to enable this, one in Dashboard and one in GUIdbEdit. Then we find the comment: It has been observed that XFF stripping may still not function, even if all the above steps are performed correctly, when the value of kernel parameter 'ws_remove_proxy_connection_header
' is set to 0 (zero).
It say : May !
That's why I added the screenshot - it does not recognise the parameter we were able to set/get it in R77.30
Thus why I think a TAC case is needed to investigate.
Yep, as mentioned in original post - case lodged and all logs provided. Time for weekend. Hopefully it's fixed when I return on Monday morning
Hard to admit but it was proper Homer situation.. Forgot that we ad turned off AntiBot blade few months ago and you need one of medium path blades to be active for XFF removal to work
Yep, that will definitely do it.
You meant bang myself on the head? haha yep!
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY