https://live.paloaltonetworks.com/t5/general-topics/xff-for-security-policy/m-p/531892#M109675 <P>Thanks&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/153031">@nikoolayy1</a>&nbsp;</P> <P>Rewriting HTTP header on Application Gateway to remove port information made it work.</P> Tue, 21 Feb 2023 16:58:00 GMT raji_toor 2023-02-21T16:58:00Z https://live.paloaltonetworks.com/t5/general-topics/xff-for-security-policy/m-p/531637#M109638 <P>Trying to implement this.</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/identify-users-connected-through-a-proxy-server/use-xff-values-for-ip-based-security-policy-and-logging" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/identify-users-connected-through-a-proxy-server/use-xff-values-for-ip-based-security-policy-and-logging</A></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 676px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48072iE3BD17816C4706A5/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>Azure Web Application Gateway is in the front, acting as proxy. I can see packet captures for port 80 x-forward for is included</P> <P>But i don't see xff in traffic logs, and matching the url accessed shows traffic from Azure Gateways internal backend IP and not from the original client IP in XFF.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 407px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48073i6A694AF66E72B94B/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>How ever I don't see IP under XFF traffic logs as source ip</P> <P>Also i tried adding source ip to be blocked to test, and could not get it to work</P> Sat, 18 Feb 2023 00:26:49 GMT https://live.paloaltonetworks.com/t5/general-topics/xff-for-security-policy/m-p/531637#M109638 raji_toor 2023-02-18T00:26:49Z https://live.paloaltonetworks.com/t5/general-topics/xff-for-security-policy/m-p/531716#M109647 <P>Hello, I suspect that because also the port is included it causes issues. Try to have an HTTP header that contains just one IP address without a port :</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIVCA0" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIVCA0</A></P> <P>&nbsp;</P> Mon, 20 Feb 2023 09:12:58 GMT https://live.paloaltonetworks.com/t5/general-topics/xff-for-security-policy/m-p/531716#M109647 nikoolayy1 2023-02-20T09:12:58Z https://live.paloaltonetworks.com/t5/general-topics/xff-for-security-policy/m-p/531892#M109675 <P>Thanks&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/153031">@nikoolayy1</a>&nbsp;</P> <P>Rewriting HTTP header on Application Gateway to remove port information made it work.</P> Tue, 21 Feb 2023 16:58:00 GMT https://live.paloaltonetworks.com/t5/general-topics/xff-for-security-policy/m-p/531892#M109675 raji_toor 2023-02-21T16:58:00Z