Troubleshooting Tip: How to verify if the X-Forwarded-For header is added by FortiWeb correctly
| Description | This article describes the steps to verify that the X-Forwarded-For header is added by FortiWeb correctly. |
| Scope | FortiWeb. |
| Solution | Prerequisite: The Web Protection Profile of the Server Policy has the X-Forwarded-For policy enabled.
X-Forwarded-For Policy Rule. Before verifying that FortiWeb correctly adds the X-Forwarded-For header to the HTTP/HTTPS requests sent to the real server, make sure that the X-Forwarded-For policy rule is enabled in the Web Protection Profile.
Configuration example of X-Forwarded-For policy:
Web Protection Profile with X-Forwarded-For policy enabled:
Verify X-Forwarded-For Header added to the HTTP requests. To verify that FortiWeb added the X-Forwarded-For header to the HTTP requests and sent them to the backend real server, capture the packets received and sent at FortiWeb for the specific server policy.
In the example, two packet captures are created on FortiWeb: one captures the packets received at the server policy virtual IP address, and the other captures the packets sent to the real server IP address.
Send several HTTP requests to the server policy Virtual IP address and make sure that the packets are captured. Download the PCAP files and open them in Wireshark. The Virtual IP PCAP file in the example does not have the X-Forwarded-For header in the HTTP request.
In the Real Server IP PCAP file, the HTTP request should be similar, but with an X-Forwarded-For header added to the request.
If the requests use HTTPS, the same approach applies, with extra steps to decrypt the HTTPS traffic using the SSL key obtained from the FortiWeb debug command. See the guide on how to decrypt HTTPS traffic in FortiWeb: Decrypting SSL packets to analyze traffic issues.
The decrypted HTTPS request received at the Virtual IP address shows that the X-Forwarded-For header does not exist.
The decrypted HTTPS request sent from FortiWeb to the Real Server IP shows that the X-Forwarded-For header was added to the request.
Related documents: Decrypting SSL packets to analyze traffic issues; Defining your proxies, clients, & X-headers |
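The comparison of the two captures described above can be scripted once the matching request has been copied out of each PCAP as raw text (for example from a Wireshark stream view). The following is an added example, not code from the article or from Fortinet; the function names are hypothetical, and it assumes the header value FortiWeb adds is the client source IP seen in the Virtual IP capture.

```python
import ipaddress

def parse_request(raw):
    """Return (request line, [(lower-cased header name, value), ...]) for a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def xff_values(headers):
    """Collect entries from every X-Forwarded-For header; names are case-insensitive."""
    entries = []
    for name, value in headers:
        if name == "x-forwarded-for":
            entries += [v.strip() for v in value.split(",") if v.strip()]
    return entries

def same_ip(a, b):
    """Compare two address strings after normalisation; non-addresses never match."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def verify_xff(vip_raw, rs_raw, client_ip):
    """Classify the request pair as 'added', 'missing', 'ambiguous' or 'mismatch'."""
    vip_line, vip_hdrs = parse_request(vip_raw)
    rs_line, rs_hdrs = parse_request(rs_raw)
    if vip_line != rs_line:
        return "mismatch"      # not the same request; pick matching packets
    if not any(same_ip(v, client_ip) for v in xff_values(rs_hdrs)):
        return "missing"       # real server never saw the client address (assumed value)
    if xff_values(vip_hdrs):
        return "ambiguous"     # client already sent the header; inspect by hand
    return "added"

# Constructed sample requests (documentation addresses), not taken from the article.
VIP_REQ = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n"
RS_REQ = (b"GET / HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n"
          b"x-forwarded-for: 203.0.113.10\r\n\r\n")

if __name__ == "__main__":
    print(verify_xff(VIP_REQ, RS_REQ, "203.0.113.10"))
```

The "ambiguous" result covers the case where the request arriving at the Virtual IP already carries an X-Forwarded-For header, so its presence on the real-server side alone does not show that FortiWeb added it.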







