Kaspars_Zibarts
Employee

HTTP XFF header not being removed in R80.10

In case someone else was using SK How to enable stripping of X-Forward-For (XFF) field 

I know that it worked perfectly OK in R70.30 and we never bothered checking it after upgrades to R80.10, just assumed it worked. Today just by pure chance I stumbled across the fact that our internal IPs are being sent out in XFF header that were supposed to be stripped out.

One thing that I noticed with R80.10 is that kernel parameter ws_remove_proxy_connection_header doesn't seem to work anymore 

Could anyone else verify this?

SR submitted

8 Replies
PhoneBoy
Admin

Since the SK says it's relevant for R80.10, it's probably worth a TAC case to investigate.

0 Kudos
G_W_Albrecht
Legend

The sk speaks about two procedures (depending on the IA blade) to enable this, one in Dashboard and one in GUIdbEdit. Then we find the comment: It has been observed that XFF stripping may still not function, even if all the above steps are performed correctly, when the value of kernel parameter 'ws_remove_proxy_connection_header' is set to 0 (zero).

It says: May!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Kaspars_Zibarts
Employee

That's why I added the screenshot - it does not recognise the parameter :( We were able to set/get it in R77.30

0 Kudos
PhoneBoy
Admin

Thus why I think a TAC case is needed to investigate.

0 Kudos
Kaspars_Zibarts
Employee

Yep, as mentioned in original post - case lodged and all logs provided. :) Time for weekend. Hopefully it's fixed when I return on Monday morning

0 Kudos
Kaspars_Zibarts
Employee

Hard to admit but it was proper Homer situation.. Forgot that we had turned off AntiBot blade few months ago and you need one of medium path blades to be active for XFF removal to work

0 Kudos
PhoneBoy
Admin

Yep, that will definitely do it.  

0 Kudos
Kaspars_Zibarts
Employee

You meant bang myself on the head? haha yep!

0 Kudos
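
A regression check of the kind that would catch this after an upgrade or a blade change, as an added example that is not part of the original thread: it scans an HTTP request captured on the external side of the gateway for private addresses in the X-Forwarded-For or Forwarded headers. The function names and the sample requests are constructed for illustration.

```python
import ipaddress
import re

# Headers that can carry the original client address to the destination.
LEAKY_HEADERS = ("x-forwarded-for", "forwarded")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # IPv4 only, by design

# Constructed samples: requests as seen on the external side of the gateway.
SAMPLE_LEAKING = (
    "GET / HTTP/1.1\r\n"
    "Host: test.example\r\n"
    "X-Forwarded-For: 10.20.30.40, 192.168.1.15\r\n"
    "Forwarded: for=172.16.5.9;proto=http\r\n\r\n"
)
SAMPLE_STRIPPED = "GET / HTTP/1.1\r\nHost: test.example\r\n\r\n"


def parse_headers(raw_request):
    """Return (lowercased name, value) pairs from a raw HTTP/1.x request head."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def leaked_internal_ips(raw_request):
    """List (header, ip) for every private IPv4 address in a leaky header."""
    findings = []
    for name, value in parse_headers(raw_request):
        if name not in LEAKY_HEADERS:
            continue
        for candidate in IPV4_RE.findall(value):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # looks like an address but is not one, e.g. 999.1.1.1
            if ip.is_private:
                findings.append((name, candidate))
    return findings


if __name__ == "__main__":
    for label, req in (("leaking", SAMPLE_LEAKING), ("stripped", SAMPLE_STRIPPED)):
        print(label, leaked_internal_ips(req))
```

An empty result for traffic that passed through the gateway is the expected state when XFF stripping is working.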
