Using X-Forward-For to give access to applications behind NAM
We wanted to use the X-Forward-For address to give users access to certain applications. But with the Firefox extension "X-Forwarded-For Injector" you can spoof any IP address you want.
Is it a no-go to use X-Forward-For to give users access to applications? Just want to know if it can be used and that I did something wrong with the configuration. Or that we need to search for another solution, if there is any.
We configured an Authorization Policy with the "X-Forward-For IP" option and then added the trusted IPs.
Re: Using X-Forward-For to give access to applications behind NAM
It depends, I guess. If your NAM solution is fronted by a load balancer which injects an XFF header and scrubs whatever is already there, then you can trust it, but if it simply appends an additional XFF header and leaves existing ones in place, then I would not trust it.
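The difference between the scrubbing and the appending case described in the reply above, as an added example that is not part of the thread and is not NAM's own policy logic. The load balancer range `10.0.0.0/24` and the function names are assumptions made for the illustration, and all addresses are constructed documentation addresses.

```python
import ipaddress

# Assumption: the only hop allowed to write XFF entries is the load balancer subnet.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def naive_client_ip(xff_values):
    """Leftmost XFF entry: what an allow-list compares against when the
    header is only appended to and never scrubbed. Client-controlled."""
    return ",".join(xff_values).split(",")[0].strip()


def effective_client_ip(peer, xff_values):
    """Return the address an IP allow-list may safely be evaluated against.

    peer       -- source address of the TCP connection as seen by the gateway
    xff_values -- every X-Forwarded-For header line, in the order received
    Returns None when the chain is malformed, so the caller can deny.
    """
    peer_addr = ipaddress.ip_address(peer)
    if not _is_trusted(peer_addr):
        # Request did not come through the load balancer: ignore the header.
        return str(peer_addr)
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk right to left: the rightmost entries were written by trusted hops,
    # the first untrusted address is the real client; anything left of it
    # was supplied by that client and carries no weight.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None
        if not _is_trusted(addr):
            return str(addr)
    return str(peer_addr)


# Constructed request: a client at 203.0.113.50 sends a forged header naming
# 192.0.2.10, and the load balancer (10.0.0.5) appends a second header line.
SPOOFED = ["192.0.2.10", "203.0.113.50"]
```

If the load balancer scrubs inbound headers, both functions return the same address; the right-to-left walk only matters when it appends.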