WAF : forward client IP and port by http header

Question

Hi ,

I want to use WAF to protect my application but I need to get client's IP and port for my application to work.
I know that I can use X-Forwarded-For (XFF) header to get the client's IP but for port, I don't see any options for that.
Would advice if there is any way for me to get the client Port data ? 
Many many thanks.

Accepted Answer

yes it is related with which WAF are you using for example

In AWS WAF, when used with an Application Load Balancer, there is an attribute called routing.http.xff_client_port.enabled. When set to true, this attribute allows the X-Forwarded-For header to preserve the source port that the client used to connect to the load balancer. By default, this attribute is set to false​0

Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. The possible values are true and false. The default is false","pub_date":null}}​.

If you need to forward the client port to your application, you should set this attribute to true. This will cause the Application Load Balancer to include the client's source port in the X-Forwarded-For header, which can then be read by your application.

Answer

This would depend on the underlying service calling WAF, rather than WAF itself. For example, for CloudFront, you could use the [CloudFront-Viewer-Address header](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-cloudfront-headers.html#cloudfront-headers-viewer-location)

WAF : forward client IP and port by http header

相關內容