Fortiweb X-Forwarded-For not Showing Original IP of visitor from Web Server
We have are deploying Fortiweb in between our Fortigate and Web Server, in one-arm reverse proxy mode. Our webserver needs to capture the original IP of web visitors, but the webserver could only see the IP of the FortiWeb. I have already enabled X-Forwarded-For options on the Fortiweb.
From the packet capture of Fortiweb, we could see that the X-Forwarded-For IP is seen on the extracted packet logs. However, original IP is not appearing on the source of "Attack Logs" also, while not sure if this has any effects.
And from the backend programming of the webserver, we have tried all the method to capture headers like REMOTE_ADDR, HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP, etc. Still it is showing the IP of Fortiweb only.
184.108.40.206 (sample public IP of web visitor) -> [10.10.10.5 (Fortigate WAN) -> 10.0.2.5 (Fortigate LAN) ] -> 10.0.2.6 (Fortiweb) -> 10.0.2.7 (webserver)
With the above, our web server is working but should be able to log the 220.127.116.11 as the original IP of visitor. But it could only see the IP of fortiweb 10.0.2.6 as value or x-forwarded-for or remote-addr.
Hopefully someone could have an insight to this. Our webserver do really need to log the Original IP of visitor.
Hope you are doing fine. In regards to the "X-Forwarded-For" header, if you are able to capture the header in the pcap, then it would be a correct setup in FortiWeb.
While the next thing will be the webserver to capture the "X-Forwarded-For" header value and log as the clients' IP. There're example for webserver like IIS and Apache that you can probably check it out. Hope it'll help.
The two link you forwarded are similar, it was for Apache. Do have for IIS?
There was a progress, X-Forwarded-For is appearing when on HTTP. But on not HTTPS. Even the Fortiweb's attack log is showing Original IP on HTTP but internal IP on HTTPS. As it only happens on HTTPS, I did check if there is anything wrong with the SSL/certs, but it is correctly configured. Do you have insight on this?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.