
http x-forwarded-for check

Function

The http x-forwarded-for check command enables detection of the X-Forwarded-For field in HTTP packets.

The undo http x-forwarded-for check command disables detection of the X-Forwarded-For field in HTTP packets.

Format

http x-forwarded-for check { any | whitelist } action { alert | block }

undo http x-forwarded-for check

Parameters

| Parameter | Description | Value |
|-----------|-------------|-------|
| any | When an HTTP packet contains the X-Forwarded-For field, an anomaly is detected. | - |
| whitelist | Detects whether all proxy IP addresses in the X-Forwarded-For field match the whitelist. If not, an anomaly is detected. | - |
| action | Specifies the action. | - |
| alert | When the X-Forwarded-For field in an HTTP packet is abnormal, the packet is permitted, and a log is recorded. | - |
| block | When the X-Forwarded-For field in an HTTP packet is abnormal, the packet is blocked, and a log is recorded. | - |

Views

Intrusion prevention profile view

Default Level

2: Configuration level

Usage Guidelines

If you have configured detection of whether all proxy IP addresses in the X-Forwarded-For field match a whitelist (whitelist), you must also run the http x-forwarded-for whitelist command to configure the whitelist.

By default, this function is disabled.

Example

# In IPS profile profile1, enable detection of the X-Forwarded-For field in HTTP packets and set the action to block if the packets contain such a field.

<sysname> system-view
[sysname] profile type ips name profile1
[sysname-profile-ips-profile1] http x-forwarded-for check any action block
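
The decision logic described under Parameters, modelled as an added Python example (not Huawei's implementation and not code from this page). It assumes every address listed in the field is checked, that whitelist entries may be CIDR networks, and that an unparsable entry counts as a mismatch; check_xff, Verdict and the sample data are hypothetical names and constructed values.

```python
import ipaddress
from typing import NamedTuple, Optional

class Verdict(NamedTuple):
    permitted: bool          # is the packet forwarded?
    logged: bool             # is a log recorded?
    reason: Optional[str]    # None when no anomaly was detected

def xff_entries(headers):
    """Collect every comma-separated entry from all X-Forwarded-For lines."""
    entries = []
    for name, value in headers:
        if name.strip().lower() == "x-forwarded-for":
            entries += [e.strip() for e in value.split(",")]
    return entries

def check_xff(headers, mode, action, whitelist=()):
    """Model of: http x-forwarded-for check { any | whitelist } action { alert | block }."""
    if mode not in ("any", "whitelist") or action not in ("alert", "block"):
        raise ValueError("unsupported mode or action")
    if not any(n.strip().lower() == "x-forwarded-for" for n, _ in headers):
        return Verdict(True, False, None)            # field absent: nothing to detect
    reason = None
    if mode == "any":
        reason = "X-Forwarded-For field present"
    else:
        nets = [ipaddress.ip_network(n) for n in whitelist]
        for entry in xff_entries(headers):
            try:
                addr = ipaddress.ip_address(entry)
            except ValueError:
                addr = None                          # assumption: unparsable entry never matches
            if addr is None or not any(addr in n for n in nets):
                reason = f"entry {entry!r} not in whitelist"
                break
    if reason is None:
        return Verdict(True, False, None)            # all entries matched the whitelist
    return Verdict(action == "alert", True, reason)  # alert permits, block drops; both log

# Constructed sample requests (documentation address ranges only).
SAMPLE_OK = [("Host", "example.test"), ("X-Forwarded-For", "192.0.2.10, 198.51.100.7")]
SAMPLE_BAD = [("Host", "example.test"), ("x-forwarded-for", "192.0.2.10, 203.0.113.99")]
WHITELIST = ["192.0.2.0/24", "198.51.100.0/24"]

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(check_xff(sample, "whitelist", "block", WHITELIST))
```
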
Copyright © Huawei Technologies Co., Ltd.