Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiWeb 7.6.1 Administration Guide
    7.6.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    XFF trust IPs (7.6.0)

    XFF trust IPs (7.6.0)

    For the Trusted X-Header Sources table in Server Objects > X-Forwarded-For, we have removed the previous limitation of 256 IP address entries. Now, you can define IP ranges and IP groups within this table.

    FortiWeb will only trust the X-headers of the IPs that you specified in Trusted X-Header Sources table. If you do not specify Trusted X-Header Sources, X-headers of all IPs will be trusted by FortiWeb.

    To configure the Trusted X-Header Sources table:

    1. On the X-Forwarded-For rule editing page, click Create New.
    2. Configure the following settings. The IP address should be the one of the external proxy or load balancer according to packets’ SRC field in the IP layer when received by FortiWeb.
      TypeSelect whether to define an IP address/IP range, or reference an IP group.

      IPv4/IPv6 / IP Range

      Type the client’s source IP address.

      You can enter either a single IP address or a range of addresses (e.g. 1.2.3.4,2001::1,1.2.3.4-1.2.3.40,2001::1-2001::100). Multiple addresses or ranges should be separated with comma ",".

      The maximum length for the IPv4/IPv6/IP Range is 1024.

      IP Group

      Select the IP Group you have created in Server Objects > IP Groups. By using the IP group, you can save the effort to type the IP addresses every time you need to re-use them. For more information, see Creating IP groups.

    3. Click OK.

    For more information on X-Forwarded-For, see Defining your proxies, clients, & X-headers.

    Previous
    Next

    XFF trust IPs (7.6.0)

    XFF trust IPs (7.6.0)

    For the Trusted X-Header Sources table in Server Objects > X-Forwarded-For, we have removed the previous limitation of 256 IP address entries. Now, you can define IP ranges and IP groups within this table.

    FortiWeb will only trust the X-headers of the IPs that you specified in Trusted X-Header Sources table. If you do not specify Trusted X-Header Sources, X-headers of all IPs will be trusted by FortiWeb.

    To configure the Trusted X-Header Sources table:

    1. On the X-Forwarded-For rule editing page, click Create New.
    2. Configure the following settings. The IP address should be the one of the external proxy or load balancer according to packets’ SRC field in the IP layer when received by FortiWeb.
      TypeSelect whether to define an IP address/IP range, or reference an IP group.

      IPv4/IPv6 / IP Range

      Type the client’s source IP address.

      You can enter either a single IP address or a range of addresses (e.g. 1.2.3.4,2001::1,1.2.3.4-1.2.3.40,2001::1-2001::100). Multiple addresses or ranges should be separated with comma ",".

      The maximum length for the IPv4/IPv6/IP Range is 1024.

      IP Group

      Select the IP Group you have created in Server Objects > IP Groups. By using the IP group, you can save the effort to type the IP addresses every time you need to re-use them. For more information, see Creating IP groups.

    3. Click OK.

    For more information on X-Forwarded-For, see Defining your proxies, clients, & X-headers.

    Previous
    Next