Friday, 08 June 2018


The X-Forwarded-For (XFF) HTTP header field is a common method for identifying the originating IP address of a client that connects to a web server through an HTTP proxy or load balancer.

The XFF HTTP request header was introduced by the developers of the Squid caching proxy server. A standard for it has been proposed in the Internet Engineering Task Force (IETF).

X-Forwarded-For is also an email header indicating that an email message was forwarded from one or more other accounts (possibly automatically).

In this context, the caching servers are most often operated by large ISPs that encourage or force their users to go through a proxy server to reach the World Wide Web, usually to reduce external bandwidth through caching. In some cases this proxy is a transparent proxy, and users may not be aware that they are using it.

Without XFF or a similar technique, any connection through the proxy reveals only the IP address of the proxy server itself, which effectively turns the proxy into an anonymizing service and makes detecting and preventing abusive access significantly harder than it would be if the originating IP address were available. The usefulness of XFF depends on the proxy server honestly reporting the original host's IP address; for this reason, effective use of XFF requires knowing which proxies can be trusted, for example by looking them up in a whitelist of servers run by trustworthy operators.





Format

The general format of the field is:

X-Forwarded-For: client, proxy1, proxy2

where the value is a comma-separated list of IP addresses: the leftmost is the original client, and each successive proxy that forwards the request appends the IP address from which it received the request. In this example, the request passes through proxy1, proxy2, and then proxy3 (not shown in the header). proxy3 appears as the remote address of the request.

Because an X-Forwarded-For field is easy to forge, the information it provides should be used with caution. The last IP address is always the address that connected to the last proxy, which makes it the most reliable piece of information. X-Forwarded-For data can be used in forward or reverse proxy scenarios.

Logging only the X-Forwarded-For field is not always enough, because the IP address of the last proxy in the chain is not contained in the X-Forwarded-For field; it is in the actual IP header. For completeness, the web server must record BOTH the source IP address of the request and the contents of the X-Forwarded-For field.
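As an added illustration (not part of the original article), the following Python code applies the rule described above: it appends the connection's own source address to the XFF chain, walks the list from the right, skips every hop that belongs to an operator-maintained list of trusted proxies, and takes the first address it cannot vouch for as the client. Anything to the left of that address was supplied by parties outside the operator's control and is ignored, which is what defeats a forged header. The trusted networks, the function names and the sample requests are constructed placeholders.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed placeholder: networks of the proxies / load balancers this
# deployment operates.  Only header entries added by these hops are believed.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),       # internal balancer tier
    ipaddress.ip_network("203.0.113.0/24"),   # edge cache (documentation range)
]


def is_trusted_proxy(addr: str) -> bool:
    """True if addr belongs to one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # "unknown", hostnames, garbage: never trusted
    return any(ip in net for net in TRUSTED_PROXIES)


def parse_xff(header: Optional[str]) -> List[str]:
    """Split 'client, proxy1, proxy2' into a list, leftmost entry first."""
    if not header:
        return []
    return [hop.strip() for hop in header.split(",") if hop.strip()]


def resolve_client_ip(remote_addr: str, xff_header: Optional[str]) -> str:
    """Rightmost-untrusted rule.

    remote_addr is the peer address from the IP layer (the last proxy, which
    never appears in XFF).  The chain is the XFF entries followed by
    remote_addr; walking from the right, every trusted hop is skipped and the
    first hop we cannot vouch for is taken as the client.  An invalid entry
    such as "unknown" is returned as-is so the caller can reject or log it.
    """
    chain = parse_xff(xff_header) + [remote_addr]
    for hop in reversed(chain):
        if not is_trusted_proxy(hop):
            return hop
    # Every hop, including the direct peer, is one of our own proxies: the
    # request originated inside our infrastructure.
    return chain[0]


def log_record(remote_addr: str, xff_header: Optional[str]) -> Dict[str, Optional[str]]:
    """Record BOTH the IP-layer source and the raw header, plus the derived client."""
    return {
        "remote_addr": remote_addr,
        "x_forwarded_for": xff_header,
        "client_ip": resolve_client_ip(remote_addr, xff_header),
    }


if __name__ == "__main__":
    # Constructed sample: client -> edge cache -> internal balancer -> web server
    print(log_record("10.1.2.3", "198.51.100.7, 203.0.113.43"))
    # Constructed sample: a client connecting directly while forging the header
    print(log_record("192.0.2.9", "198.51.100.1"))
```

A direct client that sends its own X-Forwarded-For is attributed to its real peer address, because the peer is not a trusted proxy and the walk stops there; a header arriving through the trusted tiers yields the address the edge cache saw.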




Proxy server and caching engine

The X-Forwarded-For field is supported by most proxy servers, including A10 Networks, aiScaler, Squid, Apache mod_proxy, Pound, HAProxy, Varnish, IronPort Web Security Appliance, AVANU WebMux, Array Networks, Radware AppDirector, Alteon ADC, ADC-VX and ADC-VA, F5 Big-IP, Blue Coat ProxySG, Cisco Cache Engine, McAfee Web Gateway, Phion Airlock, Finjan Vital Security, NetApp NetCache, jetNEXUS, Maestro, WebSense Web Adjuster, Websense Gateway from Cisco, Microsoft Forefront Threat Management Gateway 2010 (TMG) and NGINX.

X-Forwarded-For logging is supported by many web servers, including Apache. IIS can also use an HTTP module for this filtering.

Zscaler masks the incoming X-Forwarded-For header as Z-Forwarded-For before adding its own X-Forwarded-For header identifying the originating customer's IP address. This prevents internal IP addresses from leaking out of Zscaler Enforcement Nodes while still giving third-party content providers the customer's correct IP address. The result is an HTTP request that is not standards-compliant.



Load balancers

AVANU WebMux Network Traffic Manager, an application delivery load balancing solution, inserts X-Forwarded-For headers by default in One-Armed Single Network Mode and offers it as a configurable option in Two-Armed NAT, Two-Armed Transparent and One-Armed Direct Server Return modes.

Barracuda Load Balancer from Barracuda Networks supports user-specified headers like X-Forwarded-For to insert client IP addresses into client requests.

Citrix Systems NetScaler supports user-defined fields such as X-Forwarded-For to insert client IP addresses into client requests.

Cisco ACE Load Balancing Modules can also insert this field, usually when the load balancer is configured to perform source NAT, which lets the load balancer operate in a one-armed configuration while still giving the real servers a way to account for the clients' source IP addresses. The reference documentation specifies x-forward, but X-Forwarded-For can be substituted.

F5 Networks load balancers support X-Forwarded-For for one-armed and multi-armed configurations. Big-IP can also be configured to trust upstream proxies more than one hop away and to accept a custom X-Forwarded-For header from another source.

LineRate virtual load balancers support X-Forwarded-For through command-line driven configuration or through node.js scripts.

KEMP Technologies LoadMaster supports X-Forwarded-For for non-transparent load balancing in both one-armed and multi-armed configurations.

Coyote Point Systems Equalizer supports the X-Forwarded-For field for load balancing in one-armed and multi-armed configurations.

OpenBSD relayd can insert and/or change this field.

Amazon's Elastic Load Balancing Service supports this field.

LBL LoadBalancer supports X-Forwarded-For for single-armed and multi-armed configurations.

Radware AppDirector ADC, Alteon ADC, ADC-VX and ADC-VA support inserting X-Forwarded-For into traffic that is source-NATed towards the server, and can also provide traffic persistence based on the X-Forwarded-For header, so that traffic arriving through proxy connections can be distributed across multiple servers while each client stays pinned to its server.

Loadbalancer.org Enterprise load balancers support X-Forwarded-For load balancing by default.



Alternatives and variations

In 2014, RFC 7239 standardized a new Forwarded header with similar goals to XFF but more features. An example of the Forwarded header syntax:

 Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43
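To show what a consumer of this header has to handle (quoted values with backslash escapes, IPv6 literals in brackets, several comma-separated elements, case-insensitive parameter names), here is an added Python parser for the RFC 7239 syntax. It is example code written for this page, not code from any of the products named above; the function names are assumptions, and whitespace around "=" is tolerated only as a leniency, since the RFC itself does not allow it.

```python
import re
from typing import Dict, List

# RFC 7239 grammar, simplified:
#   forwarded-pair = token "=" ( token / quoted-string )
_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
# Whitespace around "=" is not permitted by the RFC; it is tolerated here
# only because real-world senders sometimes emit it.
_PAIR = re.compile(rf"({_TOKEN})\s*=\s*({_QUOTED}|{_TOKEN})")


def _unquote(value: str) -> str:
    """Strip surrounding quotes and resolve backslash escapes (quoted-pair)."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value


def parse_forwarded(header: str) -> List[Dict[str, str]]:
    """Parse a Forwarded header value into one dict per forwarded-element.

    Elements are separated by commas and listed in the order the proxies were
    traversed (first element = proxy nearest the client); pairs inside an
    element are separated by semicolons.  Parameter names are case-insensitive
    and may not repeat within one element; IPv6 'for'/'by' values must be
    quoted because ':' is not a token character.
    """
    elements: List[Dict[str, str]] = [{}]
    pos, n = 0, len(header)
    while pos < n:
        ch = header[pos]
        if ch in " \t":
            pos += 1
        elif ch == ",":
            elements.append({})   # next forwarded-element (next proxy)
            pos += 1
        elif ch == ";":
            pos += 1              # next pair of the same element
        else:
            m = _PAIR.match(header, pos)
            if not m:
                raise ValueError(f"malformed Forwarded header at offset {pos}")
            name = m.group(1).lower()
            if name in elements[-1]:
                raise ValueError(f"parameter {name!r} repeated in one element")
            elements[-1][name] = _unquote(m.group(2))
            pos = m.end()
            # A pair may only be followed by a separator or the end of the value.
            if header[pos:].lstrip(" \t")[:1] not in ("", ";", ","):
                raise ValueError(f"unexpected text at offset {pos}")
    return [e for e in elements if e]


def for_chain(header: str) -> List[str]:
    """The 'for' values in traversal order: the Forwarded analogue of XFF."""
    return [e["for"] for e in parse_forwarded(header) if "for" in e]


if __name__ == "__main__":
    # Constructed sample: two proxies, the second one reporting an IPv6 client
    print(parse_forwarded('for=192.0.2.43, for="[2001:db8:cafe::17]:4711";proto=https'))
```

The same trust question as with XFF applies to the result: the last element was written by the proxy closest to the server and is the only one that can be tied to a known peer; earlier elements are whatever upstream parties chose to send.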

HAProxy introduced an alternative to XFF, the PROXY protocol, which is more efficient because the connection information is simply prepended to the data stream. It can be used over any transport protocol and does not need to inspect the inner protocol, so it is not limited to HTTP.
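As an added example (not from HAProxy or any other project), the following Python code reads the human-readable version 1 PROXY header off the front of a connection's first bytes and hands the rest of the stream on untouched, which is what makes the mechanism independent of the inner protocol. It also applies the same trust rule that governs XFF: the header is believed only when the TCP peer is a known balancer, otherwise the peer address itself is the client. The trusted balancer address, the function names and the sample bytes are constructed placeholders.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

# Constructed placeholder: the only peer allowed to speak PROXY to this listener.
TRUSTED_BALANCERS = {"10.0.0.5"}
MAX_V1_LINE = 107  # upper bound on a v1 header line, CRLF included


class ProxyInfo(NamedTuple):
    family: str      # "TCP4" or "TCP6"
    src_addr: str    # original client address
    dst_addr: str    # address the client connected to
    src_port: int
    dst_port: int


def parse_proxy_v1(data: bytes) -> Tuple[Optional[ProxyInfo], bytes]:
    """Split a v1 PROXY line off the first bytes of a connection.

    Returns (info, payload).  info is None for the 'UNKNOWN' form, which a
    sender uses when it cannot describe the original connection.  payload is
    everything after the CRLF and is passed on as-is, so the inner protocol
    (HTTP, TLS, anything else) is never inspected here.
    """
    end = data.find(b"\r\n")
    if end == -1 or end + 2 > MAX_V1_LINE:
        raise ValueError("no complete PROXY v1 line within the size limit")
    line = data[:end].decode("ascii")
    payload = data[end + 2:]
    parts = line.split(" ")
    if len(parts) < 2 or parts[0] != "PROXY":
        raise ValueError("missing PROXY signature")
    if parts[1] == "UNKNOWN":
        return None, payload
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 line")
    family, src, dst, sport, dport = parts[1:]
    want = 4 if family == "TCP4" else 6
    for addr in (src, dst):
        if ipaddress.ip_address(addr).version != want:
            raise ValueError("address family mismatch")
    ports = []
    for p in (sport, dport):
        if not p.isdigit() or not 0 <= int(p) <= 65535:
            raise ValueError("bad port")
        ports.append(int(p))
    return ProxyInfo(family, src, dst, ports[0], ports[1]), payload


def accept_connection(peer_addr: str, first_bytes: bytes) -> Tuple[str, bytes]:
    """Decide which address the connection is attributed to.

    The PROXY line is believed only when the TCP peer is a trusted balancer;
    from anyone else the bytes are ordinary payload and the peer address is
    the client, exactly as with an untrusted X-Forwarded-For header.
    """
    if peer_addr not in TRUSTED_BALANCERS:
        return peer_addr, first_bytes
    info, payload = parse_proxy_v1(first_bytes)
    client = info.src_addr if info is not None else peer_addr
    return client, payload


# Constructed sample: what a balancer sends ahead of a plain HTTP request.
SAMPLE = (b"PROXY TCP4 198.51.100.7 203.0.113.10 56324 443\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")

if __name__ == "__main__":
    print(accept_connection("10.0.0.5", SAMPLE))   # believed: client is 198.51.100.7
    print(accept_connection("192.0.2.9", SAMPLE))  # not believed: client is the peer
```

The listener must be configured so that only the balancer can reach it with a PROXY line; the peer check in accept_connection is the minimum, since a PROXY header from an arbitrary peer is no more trustworthy than a forged X-Forwarded-For.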



See also

  • Internet privacy
  • List of proxy software
  • X-Originating-IP, the SMTP equivalent
  • List of HTTP header fields





External links

  • Apache mod_extract_forwarded

Source of the article : Wikipedia
