Description
This article describes how to add x-fowarded-for header to all HTTP traffic handled by an explicit proxy policy.
Solution
When FortiGate is configured as explicit proxy, add x-forwarded-for header to all HTTP traffic accepted by the proxy policy is possible.
Create explicit web proxy profiles that can add x-forwarded-for header is possible.
Create web profile profile from CLI:
# config web-proxy profile
edit <name>
set header-x-forwarded-for add <----- This command will add x-forwarded-for header.
end
Use the following command to add above web proxy profile to an running explicit proxy policy:
# config firewall proxy-policy
edit <id>
set webproxy-profile <name>
end
NOTE: x-forwarded-for header is a standard header for identifying the original IP address of a client connecting to Fortigate proxy.
This header can be useful when FortiGate is placed below an existing proxy (3rd party Proxy) and that proxy unit needs to enforce action based on the IP address kept in the 'X-Forwarded-For' header instead of the actual source IP address - which is the address of the FortiGate.
From FortiOS 5.6v with a 3.2x IPS engine (at least) are able to process the 'X-Forwarded-For' IPs into the IPS logs.
Related Articles
Technical Note: X-Forwarded-For and True-Client-IP options for Flow-Based UTM on FortiGate
Technical Tip: How to add X-forwarded headers to the traffic towards protected Webserver behind Fort...
