This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Agust
Contributor
‎2024-10-15 12:30 PM
Jump to solution

operation of the XFF Proxy function

Hi guys.
We have a customer who is using the firewall as a non-transparent proxy and he shared with us some questions about the operation of XFF about which we did not find too much information published.
The first question is regarding the handling of XFF.
It is how to disable the output of the XFF header so that the proxy does not send the client's original IP to the destination server.
Can rules be configured in the firewall to identify the user or computer by the XFF content?
Can proxy Path be implemented in DNS so that DNS resolves to the proxy IP instead of an end server IP, redirecting traffic through that proxy for proper handling?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-10-15 01:03 PM
Jump to solution

You can disable XFF by one of the two methods here: https://support.checkpoint.com/results/sk/sk100223 
You can perform inspection based on XFF as described here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_IdentityAwareness_AdminGuide...

I'm not familiar with implementing a proxy path in DNS.
You can forward all requests to a different proxy server by following: https://support.checkpoint.com/results/sk/sk101395

Please note the known performance impact of operating in explicit proxy mode: https://support.checkpoint.com/results/sk/sk92482 

View solution in original post

1 Reply
PhoneBoy
Admin
Admin
‎2024-10-15 01:03 PM
Jump to solution

You can disable XFF by one of the two methods here: https://support.checkpoint.com/results/sk/sk100223 
You can perform inspection based on XFF as described here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_IdentityAwareness_AdminGuide...

I'm not familiar with implementing a proxy path in DNS.
You can forward all requests to a different proxy server by following: https://support.checkpoint.com/results/sk/sk101395

Please note the known performance impact of operating in explicit proxy mode: https://support.checkpoint.com/results/sk/sk92482 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events