How to Add IP HTTP Header to IP filtering?

Owned by Agat Support
Last updated: Apr 13, 2022 by Avi J. Levin (Unlicensed)
1 min read

Problem:

When traffic is coming to the LAC filter from a load balancer (NetScaler, F5 BIG-IP etc), the load balancer changes the HTTP source header to the load balancer's IP address.

This causes IP filtering to be ineffective.


Solution:

Add a X-Forwarded-For header in IP filtering. This IP HTTP header identifies the originating IP address.


This can be done in the Admin Portal in the following path:

Settings > IP filtering > Set ‘IP source' to ‘Header’, and enter x-forwarded-for in the IP HTTP Header field.



Save changes and restart the Bastion.


F5: https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html

KEMP: https://support.kemptechnologies.com/hc/en-us/articles/200694439-Adding-the-X-Forwarded-For-header-via-the-KEMP-LoadMaster