Michel--NL Regular Contributor.
Regular Contributor.
115 views

Using X-Forward-For to give access to applications behind NAM

We wanted to use the X-Forward-For address to give users access to certain applications. But with the Firefox extension "X-Forwarded-For Injector" you can spoof any IP address you want.

Is it a no-go to use X-Forward-For to give users access to applications? Just want to know if it can be used and that I did something wrong with the configuration. Or that we need to search for an other solution..if there is any.

We configured an Authorization Policy with the "X-Forward-For IP" option and then added the trusted IP's.

Naamloos.png

0 Likes
1 Reply
Knowledge Partner
Knowledge Partner

Re: Using X-Forward-For to give access to applications behind NAM

It depends i guess. If your NAM solution is fronted by a load balancer which injects a XFF header and scrubs whatever is already there then you can trust it but if it simply appends an additional XFF header and leaves existing ones in place then I would not trust it.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.