- This topic is empty.
-
Posts
-
Does Cerberus inspect the header for fields like ‘X-forwarded-for’ in order to capture the real client IP? In our environment, a Netscaler is acting as a reverse proxy in our DMZ. Cerberus only captures the Netscaler’s SNIP instead of the real client IP. I’ve tried sending ‘X-forwarded-for’ but I don’t know if Cerberus is even inspecting the header data or what field it might be looking for.
Thank you.
Yes, Cerberus looks at X-Forwarded-For header for HTTPS connection. FTP and SFTP have no such headers or standard capability to convey that the connection originated elsewhere. It’s up to the firewall to use the client IP for the source port when it forwards the connection on.
There’s nothing that needs to be enabled in Cerberus for the server to take advantage of the X-Forwarded-For header.
Thanks for your reply. Good to know it should be working for HTTPS – now to figure out why it isn’t. I added a HTTP version of my configuration so I could inspect the packets easily and verified X-Forwarded-For is in the received packets. Unfortunately, the Cerberus Log is still showing the Netscaler’s SNIP instead of the X-Forwarded-For IP. Any ideas?
Thank you.
I would make sure that you are running on the latest version of Cerberus and if so I would reach out the firewall vendor. Thanks pacman. My Cerberus version is 9.0.0.6 which appears to be the latest.
The actual packet received by the Cerberus server has X-Forwarded-For in it, but the Cerberus Log is not referencing it. Not sure what I could tell the reverse proxy vendor given the fact that the header is being appended properly. Perhaps I’m missing something or there is a bug in this version of Cerberus… does the case sensitivity of the header field matter in any way?
Update: I blocked my IP and verified it is processing the X-Forwarded-For properly – so it is just the Log that is not representing that information apparently.
- You must be logged in to reply to this topic.