Staff

Technical Tip: How to send the original IP from a Proxy (with Proxy protocol) to the backend server that does not support Proxy protocol

Forum|Forum|1 year ago
September 27, 2024
0 replies
744 views

Description

The article explains how to send the original IP coming from a Proxy (with Proxy Protocol) to a backend server that does not support Proxy protocol while using Fortiweb.

Scope

FortiWeb.

Solution

Enable Proxy protocol on Server policy on FortiWeb:

Note:

'use-proxy-protocol-addr' should be kept enabled as per default settings:

config server-policy policy

edit "Policy1"

set use-proxy-protocol-addr enable

Configure X-Forwarded-Rule to send the original IP (that FortiWeb parsed from incoming Proxy Protocol) to the backend server that only supports X-Forwarded-For to extract the original IP:

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded