Configuring “X-Forwarded-For” Headers

Version 2

    Question:

     

    How do you configure “X-Forwarded-For” Headers?

     

    Answer:

     

    This option ensures that for requests to Wiley Online Library your organization’s public IP is contained in the XFF header, so we can identify you.

     

    >Enable XFF Forwarding – From Zscaler Dashboard, Go to Administration > Under Resources, look and click on Locations. > Click on Edit option next to each location on the list. Scroll down to Gateway Options section. Turn on ‘Enable XFF Forwarding’ .

     

    Enable this option if this location uses proxy chaining to forward traffic to the Zscaler service, and you want the service to use the X-Forwarded-For (XFF) headers that your on-premise proxy server inserts in outbound HTTP requests. The XFF header identifies the client IP address, which can be leveraged by the service to identify the client’s sub-location. When enabling XFF, insert your public IP address. Afterwards, provide us your IP address in order for us to authenticate your IP address through our system. 

     

    Using the XFF headers, the service can apply the appropriate sub-location policy to the transaction, and if Enable IP Surrogate is turned on for the location or sub-location, the appropriate user policy is applied to the transaction. When the service forwards the traffic to its destination, it will remove the original XFF header and replace it with an XFF header that contains the IP address of the client gateway (the organization’s public IP address), ensuring that an organization's internal IP addresses are never exposed to externally.

     

    Installing Zscaler VZEN 

     

    Virtual Zscaler Enforcement Nodes (VZENs) are full-featured secure Internet gateways that provide integrated Internet security. Nodes is a physical device within a network of other devices that’s able to send, receive, and/or forward information such as a computer, server, hub, switch or router.  They inspect all web traffic bi-directionally for malware and enforce security, compliance and next-generation firewall policies.