access_restriction.system_ip_ranges
Configures any ranges which should be considered 'internal' and hence ignored in X-Forwarded-For processing.
Key: access_restriction.system_ip_ranges
Type: List<String>
Can be set in: global.cfg
Description
Defines IP address ranges for Funnelback system devices in the X-Forwarded-For
header as these are to be ignored
by Funnelback when applying access restrictions. The IP address ranges are specified in CIDR notation.
Default Value
By default access_restriction.system_ip_ranges
is not set and all IP addresses will be processed.
access_restriction.ignored_ip_ranges=
Examples
A request goes through a network device (1.2.3.4) and then a second network device (2.3.4.5) and
then to the final network device (3.4.5.6) before Funnelback.
The X-Forwarded-For
header that Funnelback sees will contain
client IP, 1.2.3.4, 2.3.4.5
Since we know all request go through the above network devices We would like to ignore the associated IP addresses (1.2.3.4 and 2.3.4.5), when access restrictions are applied on the client IP address, we thus set
access_restriction.system_ip_ranges=1.2.3.4/32,2.3.4.5/32