Client IP address isn't visible to the Sensor after you enable X-Forwarded-For in your Threat Management Gateway
Last Modified: 2024-01-23 12:11:20 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Client IP address isn't visible to the Sensor after you enable X-Forwarded-For in your Threat Management Gateway
Technical Articles ID:
KB85570
Last Modified: 2024-01-23 12:11:20 Etc/GMT EnvironmentTrellix Intrusion Prevention System
Winfrasoft X-Forwarded-For (XFF) plug-in for TMG ProblemWhen you enable the XFF plug-in on your TMG server, you expect the Sensor and Manager to display the client IP behind the proxy. But, the client IP doesn't display and you see only the proxy IP address.
CauseXFF for TMG protects internal IP information by removing the XFF field from the HTTP header when it detects the last proxy server in a chain; for example, when there's no web chaining rule. So, the proxy server closest to the internet removes the XFF data before the request is made to the internet.
SolutionThe XFF for TMG download package includes a scripts folder, which contains the following configuration script files:
These scripts configure the function of XFF for TMG on the last proxy server in a chain, and how it handles retention of the XFF HTTP header data. To expose the correct IP, run the scripts
Affected ProductsLanguages:This article is available in the following languages: |
|