The http x-forwarded-for whitelist command configures a whitelist used to detect the X-Forwarded-For field.
The undo http x-forwarded-for whitelist command deletes an existing whitelist.
http x-forwarded-for whitelist ipv4 ip-address
undo http x-forwarded-for whitelist { all | ipv4 ip-address }
| Parameter | Description | Value |
|---|---|---|
| ipv4 ip-address | Indicates an IP address. | The IP address is in dotted decimal format. |
| all | Deletes all whitelists. | - |
To have the http x-forwarded-for check command detect whether all proxy IP addresses in the X-Forwarded-For field match a whitelist, you must also configure that whitelist with the http x-forwarded-for whitelist command. If any proxy IP address in the X-Forwarded-For field does not match the whitelist, an anomaly is detected.
You can configure a maximum of 32 IP addresses in a whitelist.
# In IPS profile profile1, configure a whitelist used to detect the X-Forwarded-For field and set the IP address to 10.1.1.1.
<sysname> system-view
[sysname] profile type ips name profile1
[sysname-profile-ips-profile1] http x-forwarded-for check whitelist action block
[sysname-profile-ips-profile1] http x-forwarded-for whitelist ipv4 10.1.1.1
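
Before setting the action to block, it helps to replay X-Forwarded-For values from existing web logs against the planned whitelist and see which requests would be flagged. The following Python model of the check is an added example, not the device's own implementation. It assumes that non-IPv4 entries count as mismatches, and because the page does not say how the leftmost (client) entry is treated, the hypothetical `skip_client` flag models both readings; the header values are constructed samples.

```python
import ipaddress

MAX_WHITELIST = 32  # limit stated on the page


def build_whitelist(addresses):
    """Validate dotted-decimal IPv4 entries and enforce the 32-address limit."""
    whitelist = {ipaddress.IPv4Address(a) for a in addresses}
    if len(whitelist) > MAX_WHITELIST:
        raise ValueError(f"a whitelist holds at most {MAX_WHITELIST} addresses")
    return whitelist


def xff_unmatched(header_value, whitelist, skip_client=False):
    """Return the X-Forwarded-For entries that do not match the whitelist.

    An empty list means no anomaly. skip_client=True ignores the leftmost
    entry (assumption: it is the originating client, not a proxy).
    """
    entries = [e.strip() for e in header_value.split(",") if e.strip()]
    if skip_client:
        entries = entries[1:]
    unmatched = []
    for entry in entries:
        try:
            addr = ipaddress.IPv4Address(entry)
        except ValueError:
            unmatched.append(entry)  # IPv6, "unknown", garbage: treated as a mismatch
            continue
        if addr not in whitelist:
            unmatched.append(entry)
    return unmatched


def audit(header_values, whitelist, skip_client=False):
    """Map each header value that would raise an anomaly to its offending entries."""
    flagged = {}
    for value in header_values:
        bad = xff_unmatched(value, whitelist, skip_client)
        if bad:
            flagged[value] = bad
    return flagged


if __name__ == "__main__":
    wl = build_whitelist(["10.1.1.1"])  # address from the page's example
    samples = ["10.1.1.1", "10.1.1.1, 192.0.2.44", "10.1.1.1, unknown"]  # constructed
    for value, bad in audit(samples, wl).items():
        print(f"anomaly: {value!r} -> unmatched {bad}")
```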