Can PA block IP address in X-Forwarded-For ?

Reply
L1 Bithead

Can PA block IP address in X-Forwarded-For ?

Hello,

 

I built the sandwich type with external ELB & internal ELB.

As you know, external ELB shifts original client IP to X-Forwarded-For.

I enabled 'Use X-Forwarded-For Header in User-ID and I looked XFF IP in user-id of URL Filtering logs.

But PA has not shown XFF IP in traffic logs. 

I would like to block XFF IP using user-ID. 

If anyone knew it, Please let me know it.

 

Thanks,

KC Lee

Palo Alto Networks Guru

Re: Can PA block IP address in X-Forwarded-For ?

Hi KC Lee,

 

One of our TMEs has a working prototype that uses Lambda to map IPs learned from XFF to a User-ID group that can then be blocked by policy.  It isn't ready to be published as a template yet but if you'd like a preview, please reach out to your sales team to schedule a demo.

 

HTH,


Warby

Palo Alto Networks Guru

Re: Can PA block IP address in X-Forwarded-For ?

The XFF to User-ID solution has been published on GitHub: https://github.com/PaloAltoNetworks/XFF-to-User-ID-mapping

 

L0 Member

Re: Can PA block IP address in X-Forwarded-For ?

The solution provided deployes the XFF solution into an new VPC and Palo Alto instance. Is there any cloudformation template that is available to be deployed into an existing VPC and Palo Alto?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!