waf ip-intelligence-ignore-x-forwarded-for
Use this command to configure ignoring x-forwarded-for in reputation-based source IP blacklisting.
To use this command, your administrator account’s access control profile must have either w
or rw
permission to the wafgrp
area. For details, see Permissions.
Syntax
config waf ip-intelligence-ignore-x-forwarded-for
set ignore-x-forwarded-for {enable | disable}
end
Variable | Description | Default |
By default, FortiWeb scans the IP addresses in the X-Forwarded-For header at the HTTP layer. This causes high resource consumption. To enhance the performance, you can enable Ignore X-Forwarded-For so that the IP addresses can be scanned at the TCP layer instead. This avoids HTTP packets being processed unnecessarily. |
disable |