Yes, Alert Logic® Web Security Manager Premier™ can be configured to leave the XFF header untouched if it receives the request from a trusted proxy. It must be a proxy with a source IP that is within a subnet that is configured in Web Security Manager.
For example, suppose Web Security Manager is deployed in a private network behind a load balancer that terminates at L7. Both appliances are in the 10.0.0.0/8 subnet.
- If the 10.0.0.0/8 subnet is entered in the trusted proxy field, the client source IP will be extracted from the XFF header.
- If the "Keep X-Forwarded-For..." option is selected, Web Security Manager will leave the XFF header (and the XFP header) untouched when forwarding the request to the back end.