Cisco Bug: CSCup76669 - [Enhancement]To strip XFF header from HTTPS

Last Modified

Nov 12, 2016

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases

7.7.0-HP3-736

Description (partial)

Symptom:
The WSA sends X-Forwarded-For (XFF) headers to the destination server for HTTPS traffic.

Conditions:
Configurations:
* Downstream proxy:
=======================
- Perform HTTPS decryption/inspection
- Set to send X-Forwarded-For header from GUI and CLI

* Upstream proxy:
=======================
- Configured to not inspect HTTPS traffic, or to tunnel/pass it through
- Set to not send XFF header from GUI and CLI
- Set to Use Received Headers from the downstream proxy

The enhancement request is to not send the XFF header out to the destination server. In their current scenario, this means they require the upstream proxy WSA not to apply XFF headers to HTTPS traffic that has already been decrypted and has been set to send the XFF header to the upstream WSA.