X-Forwarded-For
- 17 Dec 2024
- 4 Minutes to read
- Print
- PDF
X-Forwarded-For
- Updated on 17 Dec 2024
- 4 Minutes to read
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Overview
The X-Forwarded-For header is an HTTP header used to identify the originating IP address of a client (end-user) when a request passes through intermediaries like proxies, load balancers, or CDNs. Without this header, the client's IP address would be hidden, as the server would only see the IP of the last intermediary.
The structure of this header is: X-Forwarded-For: client1, proxy1, proxy 2 where client1 is the IP address of the original client, and proxy1, proxy2 are the IP addresses of any intermediaries (proxies) that the request passed through.
By default, the CDN excludes the X-Forwarded-For header from origin requests. If the header is present in the client request to the CDN, it is automatically removed by the CDN before the request is forwarded to the origin.
To include the X-Forwarded-For header in the origin request, configure an X-Forwarded-For rule. Use the rule parameters to specify which IPs to include in the header.
The IPs are transmitted as plain text within the header.
Configure the Rule
Here, we'll describe how to configure the rule with the Delivery Service Management UI.
API Users may choose to build the site configuration offline.
To configure an X-Forwarded-For rule:
In the Select Rule dialog, choose X-Forwarded-For.
In the X-Forwarded-For Rule dialog, Toggle on the Send X-Forwarded-For header option.
This instructs the CDN to include the X-Forwarded-For header in the request to the origin. (If the client request does not already include the header, it is added to the request by the CDN.)
Set the additional rule parameters to determine exactly what data is passed with the X-Forwarded-For header.
The header always includes the detected IP address of the entity directly connecting to the CDN to request content. If the request is made through a proxy server, the detected IP is the proxy server's IP address and not the actual end-user's IP address.
Parameter Description Header Existing Values Specifies how the CDN handles any X-Forwarded-For values included in the client request.
- Remove Existing Values - Removes all X-Forwarded-For values from the client request, if header is present.
- Preserve Existing Values - Preserves all X-Forwarded-For values from the client request, if the header is present.Append Qwilt node IPs Instructs the CDN to include or exclude the IP addresses of the CDN caches in the request path. Choose Add Rule.
SVTA Component: QW.HdrXFwFor
When you save the configuration version, the QW.HdrXFwFor SVTA component is added to the configuration JSON.
This is a private feature developed by Qwilt. In the JSON format, private features are nested within the MI.PrivateFeaturesList object, in the "generic-metadata-value" "features" field.
Parameters
| Field | Valid Values | Default value | Description |
|---|---|---|---|
| sendXFFHeader | true, false | false | Specifies whether the X-Forwarded-For header is included in the origin request. |
| existingValues | preserve, remove | remove | Defines whether to retain existing X-Forwarded-For values from the client request. |
| appendQwiltNodeIPs | true, false | false | Determines whether the IP addresses of the CDN caches in the request path are appended to the header. |
Examples
This example configuration directs the CDN to send a header containing only the detected IP address of the entity that directly connected to the CDN to request content. If the request is made through a proxy server, the detected IP is the proxy server's IP address instead of the actual end-user's IP address.
"generic-metadata-type": "MI.PrivateFeatureList",
"generic-metadata-value": {
"features": [
{
"feature-oid": "Qwilt",
"feature-type": "QW.HdrXFwFor",
"feature-value": {
"sendXFFHeader": true,
"existingValues": "remove",
"appendQwiltNodeIPs": false
}
}
]
}
Preserve Existing Values
In this example:
- If the client request includes the X-Forwarded-For header, the CDN preserves the existing header values and appends the detected client IP.
- If the client request does not include the X-Forwarded-For header, the CDN adds the header to the origin request with the detected client IP as its value.
"generic-metadata-type": "MI.PrivateFeatureList",
"generic-metadata-value": {
"features": [
{
"feature-oid": "Qwilt",
"feature-type": "QW.HdrXFwFor",
"feature-value": {
"sendXFFHeader": true,
"existingValues": "preserve",
"appendQwiltNodeIPs": false
}
}
]
}
Preserve Existing Values and Append Qwilt Node IPs
In this example:
- If the client request includes the X-Forwarded-For header, the CDN preserves the existing header values and appends the detected client IP along with the Qwilt node (Qwilt cache) IPs.
- If the client request does not include the X-Forwarded-For header, the CDN adds the header to the origin request, setting its value to the detected client IP and Qwilt node (Qwilt cache) IPs.
"generic-metadata-type": "MI.PrivateFeatureList",
"generic-metadata-value": {
"features": [
{
"feature-oid": "Qwilt",
"feature-type": "QW.HdrXFwFor",
"feature-value": {
"sendXFFHeader": true,
"existingValues": "preserve",
"appendQwiltNodeIPs": true
}
}
]
}
Remove Existing Values and Append Qwilt Node IPs
In this example:
- If the client request includes the X-Forwarded-For header, the CDN removes the existing header values and replaces them with the detected client IP and the Qwilt node (Qwilt cache) IPs.
- If the client request does not include the X-Forwarded-For header, the CDN adds the header to the origin request, setting its value to the detected client IP and Qwilt node (Qwilt cache) IPs.
"generic-metadata-type": "MI.PrivateFeatureList",
"generic-metadata-value": {
"features": [
{
"feature-oid": "Qwilt",
"feature-type": "QW.HdrXFwFor",
"feature-value": {
"sendXFFHeader": true,
"existingValues": "remove",
"appendQwiltNodeIPs": true
}
}
]
}
Was this article helpful?