- This topic is empty.
October 23, 2017 at 6:26 pm #30928
Does Cerberus inspect the header for fields like ‘X-forwarded-for’ in order to capture the real client IP?
In our environment, a Netscaler is acting as a reverse proxy in our DMZ. Cerberus only captures the Netscaler’s SNIP instead of the real client IP. I’ve tried sending ‘X-forwarded-for’ but I don’t know if Cerberus is even inspecting the header data or what field it might be looking for.
Thank you.October 24, 2017 at 3:06 pm #37762pacmanParticipant
Yes, Cerberus looks at X-Forwarded-For header for HTTPS connection.
FTP and SFTP have no such headers or standard capability to convey that the connection originated elsewhere. It’s up to the firewall to use the client IP for the source port when it forwards the connection on.
There’s nothing that needs to be enabled in Cerberus for the server to take advantage of the X-Forwarded-For header.October 25, 2017 at 4:29 pm #37760
Thanks for your reply. Good to know it should be working for HTTPS – now to figure out why it isn’t.October 25, 2017 at 8:13 pm #37761 I added a HTTP version of my configuration so I could inspect the packets easily and verified X-Forwarded-For is in the received packets. Unfortunately, the Cerberus Log is still showing the Netscaler’s SNIP instead of the X-Forwarded-For IP.
Thank you.October 26, 2017 at 5:38 pm #37763pacmanParticipant
I would make sure that you are running on the latest version of Cerberus and if so I would reach out the firewall vendor.October 26, 2017 at 6:19 pm #37764 Thanks pacman.
My Cerberus version is 22.214.171.124 which appears to be the latest.
The actual packet received by the Cerberus server has X-Forwarded-For in it, but the Cerberus Log is not referencing it. Not sure what I could tell the reverse proxy vendor given the fact that the header is being appended properly. Perhaps I’m missing something or there is a bug in this version of Cerberus… does the case sensitivity of the header field matter in any way?
Update: I blocked my IP and verified it is processing the X-Forwarded-For properly – so it is just the Log that is not representing that information apparently.
- You must be logged in to reply to this topic.