- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi,
I'm wondering if it's possible to specify additional headers to be used by checkpoint in order to parse and retrieve the proxied source IP field in IPS alerts (other than XFF).
I have a reverse proxy which adds a different http header than X-Forwarded-For (called slightly differently), i suppose CheckPoint parses only the XFF header in order to get the proxied source IP and does not recognize the header from my reverse proxy. Due to it not recognizing that specific header some exclusions will not work, as both the source IP and proxied source ip in the IPS alerts are set to the IP of the reverse proxy itself.
If it would be possible to add additional headers like XFF for proxy source ip parsing that would solve the problem, if that's not possible, are there any other easy solution for exclusions to work properly by configuring checkpoint itself or does this require reconfiguration of the reverse proxy?
Setting the XFF header is the standard setting for a webproxy to set the original client IP. I think there is no way to change the analysed header, looking for another then XFF. If you can change your proxy to set standard XFF header this will be the way to go.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY