Forum Discussion
Kevin_Stewart
Oct 30, 2013
Employee
The XFF option in the HTTP profile is an insert, so yes it will allow spoofing. What you need is a replace function:
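    when HTTP_REQUEST {
        # Walk the request's header names as the client sent them
        foreach x [HTTP::header names] {
            # Compare case-insensitively: clients may send X-Forwarded-For, x-forwarded-for, etc.
            if { [string tolower $x] equals "x-forwarded-for" } {
                # Drop every client-supplied instance, then set the real peer address
                HTTP::header remove X-FORWARDED-FOR
                HTTP::header replace X-FORWARDED-FOR [IP::client_addr]
            }
        }
    }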
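
The difference between insert and replace, as an added example that is not part of the original post and is not F5 code: a small Python model of what a backend receives in each mode. The function names, the sample request and the addresses are constructed for illustration, and the replace mode here always sets the header, even when the client sent none.

```python
# Model of the two edge-proxy behaviours discussed above; not F5 code.
# Headers are (name, value) pairs so duplicates and mixed case survive.

XFF = "x-forwarded-for"

def proxy_insert(headers, client_addr):
    """Insert mode: keep whatever the client sent and add one more XFF header."""
    return headers + [("X-Forwarded-For", client_addr)]

def proxy_replace(headers, client_addr):
    """Replace mode: drop every client-supplied XFF header (any case), then set one."""
    kept = [(n, v) for n, v in headers if n.lower() != XFF]
    return kept + [("X-Forwarded-For", client_addr)]

def xff_values(headers):
    """Flatten all XFF headers, in order, into a list of addresses."""
    out = []
    for name, value in headers:
        if name.lower() == XFF:
            out.extend(p.strip() for p in value.split(",") if p.strip())
    return out

def naive_client_ip(headers):
    """What a backend that trusts the first XFF entry would record."""
    vals = xff_values(headers)
    return vals[0] if vals else None

# Constructed request: the real peer is 203.0.113.7, the client-supplied
# XFF headers claim internal addresses.
REAL_PEER = "203.0.113.7"
REQUEST = [
    ("Host", "app.example"),
    ("x-forwarded-for", "10.0.0.1"),            # lower-case variant
    ("X-Forwarded-For", "10.0.0.2, 10.0.0.3"),  # second header, comma list
]

if __name__ == "__main__":
    for mode in (proxy_insert, proxy_replace):
        out = mode(REQUEST, REAL_PEER)
        print(mode.__name__, xff_values(out), "backend sees:", naive_client_ip(out))
```

With insert, the real peer address ends up last in the list, so a backend that reads the first entry records the client-supplied value; with replace, only the address the proxy observed remains.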