Request Header inspection for client ip

Home Forums General General Help Request Header inspection for client ip

  • This topic is empty.
Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #30928
    kaluaabyss
    Participant

    Does Cerberus inspect the header for fields like ‘X-forwarded-for’ in order to capture the real client IP?

    In our environment, a Netscaler is acting as a reverse proxy in our DMZ. Cerberus only captures the Netscaler’s SNIP instead of the real client IP. I’ve tried sending ‘X-forwarded-for’ but I don’t know if Cerberus is even inspecting the header data or what field it might be looking for.

    Thank you.

    #37762
    pacman
    Participant

    Yes, Cerberus looks at X-Forwarded-For header for HTTPS connection.

    FTP and SFTP have no such headers or standard capability to convey that the connection originated elsewhere. It’s up to the firewall to use the client IP for the source port when it forwards the connection on.

    There’s nothing that needs to be enabled in Cerberus for the server to take advantage of the X-Forwarded-For header.

    #37760
    kaluaabyss
    Participant

    Thanks for your reply. Good to know it should be working for HTTPS – now to figure out why it isn’t.

    #37761
    kaluaabyss
    Participant

    I added a HTTP version of my configuration so I could inspect the packets easily and verified X-Forwarded-For is in the received packets. Unfortunately, the Cerberus Log is still showing the Netscaler’s SNIP instead of the X-Forwarded-For IP.

    Any ideas?

    Thank you.

    #37763
    pacman
    Participant

    I would make sure that you are running on the latest version of Cerberus and if so I would reach out the firewall vendor.

    #37764
    kaluaabyss
    Participant

    Thanks pacman.

    My Cerberus version is 9.0.0.6 which appears to be the latest.

    The actual packet received by the Cerberus server has X-Forwarded-For in it, but the Cerberus Log is not referencing it. Not sure what I could tell the reverse proxy vendor given the fact that the header is being appended properly. Perhaps I’m missing something or there is a bug in this version of Cerberus… does the case sensitivity of the header field matter in any way?

    Update: I blocked my IP and verified it is processing the X-Forwarded-For properly – so it is just the Log that is not representing that information apparently.

Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.
Close Cart

Shopping Cart