How to Send XFF To Palo Alto

pattarachai · July 23, 2021, 1:43am

Hi Expert ,

I would like to know about now we have deploy reverse proxy front of Firewall Palo alto If we need to visibility Original ip from reverse proxy of cloudflare insert x-foward-for to Palo alto how to do and on the Palo alto side should be enable loggig XFF too and should be decrytion ssl in case traffic as encryption .

Thank you

michael · July 23, 2021, 2:43am

Cloudflare send the XFF by default on all requests. It is recommended to use the CF-Connecting-IP header to restore the client IP I’m these situations.

https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-CloudFlare-handle-HTTP-Request-headers-

pattarachai · July 23, 2021, 3:10am

Hi @michael

Thank for your response I have a littele bit question on the Firewall side should be decreytion traffic from reverse proxy in case need to see x-foward-for ?

michael · July 23, 2021, 3:17am

Yes, you will need to decrypt to inspect the headers. However, as the key you need is the origin server key, this should be accessible to you.

system · August 7, 2021, 3:18am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Received X-Forwarded-For header from an untrusted proxy 172.30.33.6 Cloudflare Tunnel	3	1885	October 8, 2023
How to get X-Real-IP from special server requests General	7	3333	October 27, 2021
X-Forwarded-For and CF-Connecting-IP not working "properly" in end server Website, Application, Performance	2	346	May 29, 2024
How to let Cloudflare get another CDN's true client IP? Getting Started	16	2515	January 2, 2023
Show XForwardedFor as a column in Firewall logs Feature Request Submitting & Feedback	11	3430	November 26, 2019

How to Send XFF To Palo Alto

Related topics