X-Forwarded-For HTTP Header
Summary
The X-Forwarded-For
HTTP header can be used to indicate the IP addresses through which a request has flowed on its way from the end user to an upstream service.
By default, when Pomerium receives a request it will append the IP address of its direct downstream peer to this header value, before proxying the request to the upstream service.
However, if you set the skip_xff_append
option to true, Pomerium will not modify any incoming X-Forwarded-For
HTTP header. Pomerium will instead pass this incoming header to the upstream service unchanged.
See the Envoy docs for more information about the X-Forwarded-For
header.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Default |
---|---|---|---|
skip_xff_append | SKIP_XFF_APPEND | boolean | false |
Configure X-Forward-For HTTP Headers with the toggle button in the Console. The button has three states:
- Unset ("-") uses the value in your configuration file
- Checkmark sets
skip_xff_append
totrue
- Empty sets
skip_xff_append
tofalse
Kubernetes does not support skip_xff_append
Examples
# config file key
skip_xff_append: true
# environment variable
SKIP_XFF_APPEND=true