access_restriction.system_ip_ranges

Background

Defines IP address ranges for Funnelback system devices in the X-Forwarded-For header as these are to be ignored by Funnelback when applying access restrictions. The IP address ranges are specified in CIDR notation.

Setting the key

Set this configuration key in the server configuration.

Use the configuration key editor to add or edit the access_restriction.system_ip_ranges key, and set the value. This can be set to any valid List<String> value.

Default value

By default, access_restriction.system_ip_ranges is not set and all IP addresses will be processed.

access_restriction.ignored_ip_ranges=

Examples

A request goes through a network device (1.2.3.4) and then a second network device (2.3.4.5) and then to the final network device (3.4.5.6) before Funnelback. The X-Forwarded-For header that Funnelback sees will contain

client IP, 1.2.3.4, 2.3.4.5

Since we know all request go through the above network devices We would like to ignore the associated IP addresses (1.2.3.4 and 2.3.4.5), when access restrictions are applied on the client IP address, we thus set

access_restriction.system_ip_ranges=1.2.3.4/32,2.3.4.5/32