Re: HTTP XFF header not being removed in R80.10

Kaspars_Zibarts · ‎2018-08-24

In case someone else was using SK How to enable stripping of X-Forward-For (XFF) field

I know that it worked perfectly OK in R70.30 and we never bothered checking it after upgrades to R80.10, just assumed it worked. Today just by pure chance I stumbled across the fact that our internal IPs are being sent out in XFF header that were supposed to be stripped out.

One thing that I noticed with R80.10 is that kernel parameter ws_remove_proxy_connection_header doesn't seem to work anymore

Anyone else could verify this?

SR submitted

PhoneBoy · ‎2018-08-24

Since the SK says it's relevant for R80.10, it's probably worth a TAC case to investigate.

G_W_Albrecht · ‎2018-08-24

The sk speaks about two procedures (depending on the IA blade) to enable this, one in Dashboard and one in GUIdbEdit. Then we find the comment: It has been observed that XFF stripping may still not function, even if all the above steps are performed correctly, when the value of kernel parameter 'ws_remove_proxy_connection_header' is set to 0 (zero).

It say : May !

Kaspars_Zibarts · ‎2018-08-24

That's why I added the screenshot - it does not recognise the parameter we were able to set/get it in R77.30

PhoneBoy · ‎2018-08-24

Thus why I think a TAC case is needed to investigate.

Kaspars_Zibarts · ‎2018-08-24

Yep, as mentioned in original post - case lodged and all logs provided. Time for weekend. Hopefully it's fixed when I return on Monday morning

Kaspars_Zibarts · ‎2018-09-03

Hard to admit but it was proper Homer situation.. Forgot that we ad turned off AntiBot blade few months ago and you need one of medium path blades to be active for XFF removal to work

PhoneBoy · ‎2018-09-04

Yep, that will definitely do it.

Kaspars_Zibarts · ‎2018-09-04

You meant bang myself on the head? haha yep!