designetwork(EN)

IT technical memo of networking

Insert the X-Forwarded-For header with Cisco ASA in NAPT environment

f:id:daichi703n:20160718160224j:plain

X-Forwarded-For (XFF) header to be important in the HTTP communication of NAPT environment of Proxy environment. In many cases Cisco ASA, which is used as a NAPT router, describes the grant of XFF header.

Check result

In July 2016 it is not possible to grant the X-Forwarded-For header in the Cisco ASA.

As has been discussion here, it can not be added the XFF header. Again as the Cisco HTTP wonder it is out of the area of ​​expertise.

www.experts-exchange.com

Defect information

Since the reverse to that there is a bug problem that will remove the XFF header in the ASA, worth checking the appropriate version.

Cisco ASA and X-Forwarded-For header | Firewalling | Cisco Support Community

Alternative

It would be appropriate to use such specialized HTTP-Proxy server if you want to route HTTP traffic. In terms of NW devices, such as F5 BIG-IP is able to grant the X-Forwarded-For an option.


This Blog is English Version of my JP's.

Sorry if my English sentences are incorrect.

designetwork