Configures any ranges which should be considered 'internal' and hence ignored in X-Forwarded-For processing.

Key: access_restriction.system_ip_ranges
Type: List<String>
Can be set in: global.cfg


Defines IP address ranges for Funnelback system devices in the X-Forwarded-For header as these are to be ignored by Funnelback when applying access restrictions. The IP address ranges are specified in CIDR notation.

Default Value

By default access_restriction.system_ip_ranges is not set and all IP addresses will be processed.



A request goes through a network device ( and then a second network device ( and then to the final network device ( before Funnelback. The X-Forwarded-For header that Funnelback sees will contain

client IP,,

Since we know all request go through the above network devices We would like to ignore the associated IP addresses ( and, when access restrictions are applied on the client IP address, we thus set