Support multiple XFF
As of now HTTP XFF support only a single proxy type (forward/reverse) and a single XFF header.
In common deployment scenario suricata receives both traffic from reverse-proxies and forward-proxies.
Also every proxy has its own XFF header and it may not be possible to force all proxies to use the same header name.
So it will be a very important feature to support simultaneously different type of proxies in suricata.
Since this could be an hard issue, it could be simplified with a simple configuration set by turning XFF config into a list of IP-proxy type like this:
xff: enabled: no proxies: - ip: 184.108.40.206 mode: overwrite deployment: reverse header: X-Forwarded-For - ip: 220.127.116.11 mode: extra-data deployment: forward header: X-Client-Ip
No data to display