IMPORTANT: This change has been withdrawn. We'll send out a notification and update this article when this feature is re-enabled.
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
The X-Forwarded-For (XFF) header is now forwarded to the UCE and WGCS rule engines. The XFF header was previously not forwarded.
The following table summarizes all changes based on the authentication scenarios after forwarding the XFF header, if that header is included in the client request.
The
MWG.Client.IP and
Client.IP properties receive values depending on authentication.
|
MCP |
SAML/IP |
IPsec |
Behavior on MWG |
UCE |
MWG.ClientIP receives the value from the MCP header |
MWG.ClientIP now receives the value from XFF. |
MWG.ClientIP is still the tunnel endpoint, ignoring the XFF header. |
Customer policy controls the forward of the XFF header to the web server. It's disabled in the default setting. |
WGCS |
Client.IP now receives the value from XFF
TrueClient.IP from the MCP header |
Client.IP now receives the value from XFF. |
Client.IP is still the tunnel endpoint, ignoring the XFF header. |
The original XFF header is never sent to the web server. There's no option to enable it. |
Changes to Logging:
- UCE logs the Client IP from the XFF header.
- There's no change to WGCS logging.