Skip to main content

X-Forwarded-For HTTP Header

Summary

The X-Forwarded-For HTTP header can be used to indicate the IP addresses through which a request has flowed on its way from the end user to an upstream service.

By default, when Pomerium receives a request it will append the IP address of its direct downstream peer to this header value, before proxying the request to the upstream service.

However, if you set the skip_xff_append option to true, Pomerium will not modify any incoming X-Forwarded-For HTTP header. Pomerium will instead pass this incoming header to the upstream service unchanged.

See the Envoy docs for more information about the X-Forwarded-For header.

How to configure

Config file keysEnvironment variablesTypeDefault
skip_xff_appendSKIP_XFF_APPENDbooleanfalse

Examples

# config file key
skip_xff_append: true

# environment variable
SKIP_XFF_APPEND=true