Actions
Feature #3875
openSupport multiple XFF
Effort:
Difficulty:
Label:
Needs Suricata-Verify test
Description
As of now HTTP XFF support only a single proxy type (forward/reverse) and a single XFF header.
In common deployment scenario suricata receives both traffic from reverse-proxies and forward-proxies.
Also every proxy has its own XFF header and it may not be possible to force all proxies to use the same header name.
So it will be a very important feature to support simultaneously different type of proxies in suricata.
Since this could be an hard issue, it could be simplified with a simple configuration set by turning XFF config into a list of IP-proxy type like this:
xff:
enabled: no
proxies:
- ip: 192.161.1.200
mode: overwrite
deployment: reverse
header: X-Forwarded-For
- ip: 192.161.1.201
mode: extra-data
deployment: forward
header: X-Client-Ip
Actions