Versions Compared

Old Version 3

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Avi J. Levin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

When traffic is coming to the LAC filter from a load balancer (NetScaler, F5 BIG-IP etc), the LB is changing load balancer changes the HTTP source header to the LB load balancer's IP address.

Thus, traffic coming from the LB to the LAC filter have the IP address of the LB, causing This causes IP filtering to be not effectiveineffective.


Solution:

Add a X-Forwarded-For header in IP filtering. This IP HTTP header identifies the originating IP address.


This can be done in the Access Admin Portal in the following path:

Settings > IP filtering > Set ‘IP source' to ‘Header’, and enter x-forwaredforwarded-for in the IP HTTP Header field.

...

Save changes and restart the Bastion.


Info

F5: https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html

KEMP: https://support.kemptechnologies.com/hc/en-us/articles/200694439-Adding-the-X-Forwarded-For-header-via-the-KEMP-LoadMaster