Feature #3875

open

Support multiple XFF

Added by Davide Setti over 4 years ago. Updated 6 months ago.

Status: New
Priority: Normal
Target version:
Effort:
Difficulty:
Label: Needs Suricata-Verify test

Description

As of now, HTTP XFF supports only a single proxy type (forward/reverse) and a single XFF header.

In a common deployment scenario, Suricata receives traffic from both reverse proxies and forward proxies.
Also, every proxy has its own XFF header, and it may not be possible to force all proxies to use the same header name.

So it will be a very important feature to support different types of proxies simultaneously in Suricata.

Since this could be a hard issue, it could be simplified with a simple configuration set by turning the XFF config into a list of IP-proxy type entries like this:

xff:
    enabled: no
    proxies:
        - ip: 192.161.1.200
          mode: overwrite
          deployment: reverse
          header: X-Forwarded-For
        - ip: 192.161.1.201
          mode: extra-data
          deployment: forward
          header: X-Client-Ip
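
An added illustration, not Suricata code and not from the ticket author: one way a per-proxy list like the one proposed above could be evaluated, with the header trusted only when the sender is a listed proxy. Matching on `src_ip`, the function names and the sample addresses are assumptions; the first/last address choice follows the rule documented for the existing single-proxy `deployment` option.

```python
import ipaddress

# The proxy list proposed in the ticket, as it would look after YAML parsing.
PROXIES = [
    {"ip": "192.161.1.200", "mode": "overwrite", "deployment": "reverse",
     "header": "X-Forwarded-For"},
    {"ip": "192.161.1.201", "mode": "extra-data", "deployment": "forward",
     "header": "X-Client-Ip"},
]

def pick_address(header_value, deployment):
    """Pick one address from a comma-separated header value, or None."""
    parts = [p.strip() for p in header_value.split(",") if p.strip()]
    if not parts:
        return None
    # Assumption: forward takes the first address, reverse the last.
    candidate = parts[0] if deployment == "forward" else parts[-1]
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return None  # not an IP literal: do not trust it

def apply_xff(event, headers, proxies=PROXIES):
    """Return a copy of event with the matching per-proxy rule applied."""
    out = dict(event)
    # Assumption: the proxy is identified by the source address of the flow.
    rule = next((p for p in proxies if p["ip"] == event["src_ip"]), None)
    if rule is None:
        return out  # sender is not a listed proxy, so its header is ignored
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get(rule["header"].lower(), "")
    addr = pick_address(value, rule["deployment"])
    if addr is None:
        return out
    if rule["mode"] == "overwrite":
        out["src_ip"] = addr
    else:  # extra-data: keep src_ip, report the client in a separate field
        out["xff"] = addr
    return out

if __name__ == "__main__":
    # Constructed sample events and headers, not captured traffic.
    samples = [
        ({"src_ip": "192.161.1.200"}, {"X-Forwarded-For": "203.0.113.7, 10.0.0.5"}),
        ({"src_ip": "192.161.1.201"}, {"x-client-ip": "198.51.100.9"}),
        ({"src_ip": "203.0.113.50"}, {"X-Forwarded-For": "127.0.0.1"}),
    ]
    for event, headers in samples:
        print(event, "->", apply_xff(event, headers))
```
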
Actions #1

Updated by Philippe Antoine 6 months ago

  • Assignee set to Community Ticket
  • Target version set to TBD
  • Label Needs Suricata-Verify test added