Support X-Forwarded-For headers
Due to insurance and industry requirements we are required to host CW Control behind an approved WAF/Proxy. But in doing so all WEB activity is logged with the WAF/proxy IP instead of the endclient IP. This decreases the value of the built-in CW Control logging and triggers functionality.
Support has confirmed that CW Control does not currently support X-Forwarded-For (XFF) which is a de-facto web standard for passing client IPs through web Proxies. Can we get this header feature added? https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
I was told Control is unable to read the header response so I wouldn't be able to manually enable it via "Security Toolkit" > "ExtraSecurityHttpHeadersList".
Thanks,
Answer
Thanks for your request, after speaking with our Architecture team I have registered this request for future consideration.
The key concern is that the product would have to become much more aware of the reverse proxy sitting in front of it in order to properly handle the traffic in a secure manner.
Customer support service by UserEcho
Thanks for your request, after speaking with our Architecture team I have registered this request for future consideration.
The key concern is that the product would have to become much more aware of the reverse proxy sitting in front of it in order to properly handle the traffic in a secure manner.